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Preface 



The International Symposium on the Fundamentals of Computation Theory 
FCT’99 was held in Ia§i, Romania, from August 30 to September 3, 1999. 
This was the 12th time the conference was held, after Poznan (Poland, 1977), 
Wendisch-Rietz (Germany, 1979), Szeged (Hungary, 1981), Borgholm (Sweden, 
1983), Cottbus (Germany, 1985), Kazan (Soviet Union, 1987), Szeged (Hun- 
gary, 1989), Berlin (Germany, 1991), Szeged (Hungary, 1993), Dresden (Ger- 
many, 1995), and Krakow (Poland, 1997). This 12th FCT was organized by 
“Alexandru loan Cuza” University of Ia§i, and it was endorsed by the European 
Association of Theoretical Computer Science and the Romanian Academy. The 
conference consisted of plenary lectures presented by invited speakers, parallel 
sessions for technical contributions, and two satellite workshops. 

As at previous conferences, the purpose of this FCT conference was to pro- 
mote high-quality research in all branches of theoretical computer science, and 
to bring together active specialists in the field. This is especially important now, 
at the turn of century, when computer science looks for new computing tools and 
for a better balance between theory and practice. A broad range of topics were 
considered of interest for submission and most of them are covered by the invited 
lectures and the papers accepted for presentation. These include: abstract data 
types, algorithms and data structures, automata and formal languages, categori- 
cal and topological approaches, complexity, computational geometry, computer 
systems theory, concurrency, constructive mathematics, cryptography, distribu- 
ted computation, fault-tolerant computing, logics in computer science, learning 
theory, process algebra and calculi, rewriting, semantics, specification, symbolic 
computation, universal algebra, molecular computing, and quantum computing. 

The program committee had a rather difficult task in selecting for presenta- 
tion only 42 papers out of the 104 submissions. Several papers which have not 
found themselves a place in the conference program are of high quality and worth 
accepting. The selection procedure was based on a very efficient and transparent 
electronic interaction among the members of the program committee by means 
of web pages and e-mail. We wish to thank all authors who have submitted 
papers for consideration, all program committee members for their timely and 
quality work, as well as the referees who have assisted the program committee 
in the laborious evaluation process. 

The present volume contains all 42 of the accepted technical contributions 
and 4 (of the 5) invited papers. 

Two satellite workshops were also organized: Formal Languages and Au- 
tomata (Ghair: A. Mateescu, Bucharest) and Distributed Systems (Ghair: G. 
§tefanescu, Bucharest). 




VI Organization 



The organizing committee was chaired by Gabriel Ciobanu, and it inclu- 
des C. Barbu, A. Bejan, S. Buraga, V.E. Cazanescu, L. Chiran, L. Ibanescu, 
D. Lucanu, A. Mateescu, C. Mitrofan, R. Negrescu, S. Orzan, G. Paun, and 
V. Tablan. We would like to thank all these people for their work, and especially 
Sabin Buraga for his web pages. We express our gratitude to the Dean and to 
all colleagues from the Department of Gomputer Science who have supported us 
in organizing this event. Special thanks are due to Professor G. Popa, Rector of 
“A. I. Guza” University, for his decisive help. 

We gratefully acknowledge the financial support of our sponsors: the Asso- 
ciation for Gomputing Machinery (many thanks to Glaus Unger, its Secretary 
and Treasurer), the National Agency for Science, Technology and Innovations, 
Motorola, S.G. Gotnari S.A., and other local companies. 

Last but not least, we thank Springer- Verlag - in particular Professor Jan 
van Leuween and Ruth Abraham - for an efficient collaboration in preparing 
this volume. 
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Randomized Complexity of Linear 
Arrangements and Polyhedra* 



Marek Karpinski 

The Institute for Advanced Study, Princeton, and 
Dept, of Computer Science, University of Bonn, 53117 Bonn 
Email: marek@cs.uni-bonn.de 



Abstract. We survey some of the recent results on the complexity of 
recognizing n-dimensional linear arrangements and convex polyhedra by 
randomized algebraic decision trees. We give also a number of concrete 
applications of these results. In particular, we derive first nontrivial, in 
fact quadratic, randomized lower bounds on the problems like Knapsack 
and Bounded Integer Programming. We formulate further several open 
problems and possible directions for future research. 



1 Introduction 

Linear search algorithms, algebraic decision trees, and computation trees were in- 
troduced early to simulate random access machines (RAM) model. They are also 
a very useful and simplified abstraction of various other RAM-related compu- 
tations cf. !AHU74| . IHLZHI, jssn, ISEH2], IHHil, ISHSal, HmHOI, and a useful 

tool in computational geometry. The same applies for the randomized models 
of computation. Starting with the papers of Manber and Tompa |MT8,5j . Snir 
[IS8,5j , Meyer auf der Heide |M8,5aj . jM^ there was an increasing interest, and 
continuing effort in the last decade to understand the intrinsic power of ran- 
domization in performing various computational tasks. We refer to Biirgisser, 
Karpinski and Lickteig |BKL93j . Grigoriev and Karpinski jnmj . Grigoriev, 
Karpinski, Meyer auf der Heide and Smolensky [GKIVISDT) , and Grigoriev, Kar- 
pinski and Smolensky | |GKS97| for the recent results (for the corresponding situa- 
tion in a randomized bit model computation cf., e.g., fKv^ . EmE!). For some 
new randomized lower bounds on high dimensional geometric problems see also 
Borodin, Ostrovsky and Rabani |B()B99j . In the retrospective, several algebraic 
and topological methods introduced for proving lower bounds for deterministic 
algebraic decision trees turned out to fail utterly for some reason for the rando- 
mized model of computation, see the papers on deterministic methods by Yao 

* Research partially supported by the DFG Grant KA 673/4-1, ESPRIT BR Grants 
7079, 21726, and EC-US 030, by DIMACS, and by the Max-Planck Research Prize. 
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EEii, isns, nnn, Steele and Yao iBiHa, Ben-Or mm, Bjorner, Lovasz 
and Yao |BTY92| and Grigoriev, Karpinski and Vorobjov |GKV97j . With the 
exception of some early results of Biirgisser, Karpinski and Lickteig inKnnsi, 
and Grigoriev and Karpinski |GK93j there were basically no methods available 
for proving lower bounds on the depth of general randomized algebraic decision 
trees. In Meyer auf der Heide |M85a| . a lower bound has been stated on the depth 
of randomized linear decision trees (with linear polynomials only) recognizing a 
linear arrangement. A gap in the proof of the Main Lemma of this paper was 
closed for the generic case first by Grigoriev and Karpinski in |GK94| . 

In this paper we survey some of the new methods which yield for the first 
time nontrivial lower bounds on the depth of randomized algebraic trees. The 
paper is organized as follows. In Section 2 we give necessary preliminaries for 
a general reader, and in Section 3 we introduce the underlying models of com- 
putation. In Section 4 we formulate the Main Results, and give some concrete 
applications. Section 5 deals with the phenomenon of a randomized speedup, and 
an explicit separation of deterministic and randomized depth. Section 6 presents 
some extensions of the results of Section 4. In Section 7 we formulate some open 
problems and possible directions for future research. 

2 Preliminaries 

We refer a general reader to IHbt] for basic notions on convex polytopes and 
linear arrangements, and to IL84I for basic algebraic notions. We refer also to 
for basic facts on real varieties and Betti numbers. 

For x,y € R" we denote by <x,y> the scalar product of x and y, 

n 

<x,y>= y^^Xjyj. 

i=l 

A hyperplane H C R" is a set defined hy H = {x € R"| <x,y >= a} for 
some y £ R", y 0, and a £ R. A closed halfspace H C R" is defined by 

= {x £ R"! <x,y> > a} for some y £ R", y 0, and a £ R. 

We call a finite union S = of hyperplanes Hi, a linear arrangement, 

and a finite intersection S'+ = of closed halfspaces , a polyhedron. 

A k-face L of a linear arrangement S' is a k-dimensional plane defined by inters- 
ecting n — k oi the hyperplanes Hi. If L is /c-dimensional on the boundary of S~^, 
is is also a k-face of S+. We call a 0-face, a vertex. 

When S C R" is considered here as a topological space, it is with a subspace 
topology induced by R". For any topological space S and an integer fc > 0, 
Pk{S) denotes the i-th Betti number, i. e., the ranfc of the i-th singular homology 
group. The Euler characteristic x(S) of S is defined by x(S) = 
provided the Betti numbers of S are finite. 
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Milnor and Thom UMl give fundamental bounds on the sums of Betti 

numbers J2k Pk{S) of algebraic sets in R” in the function of a degree bound on 
their defining polynomials: < d(2d— 1)"“^. 

We consider in sequel the following n-dimensional restrictions of NP-complete 
problems (cf. fl)l TSj . jlVIS4j . [IVIS5h^ V 

A Bounded Integer Programming Problem is a problem of recognizing a set 

Ln,k = {x € R" I 3 a S {0, , fc}" [< X, a >= fc]} 

for a given bound k on the size of integer solutions. 

The well known Knapsack Problem is the problem of recognizing the set Lnp. 
We consider further the problems of Element Distinctness, Set Disjointness 
and the Resultant (Decision Version) (cf. |H-( )83IJ L 

The Element Distinctness problem is the problem of recognizing the comple- 
ment of the set 

{x G R” I 3i,j,i^ j [xi = Xj]} . 

The Set Disjointness problem is the problem of determining for given two sets 
A = {xi, . . . , Xn}, B = {j/ 1 , . . . , ?/„} C R whether or not A fl i? = 0, i.e. recogni- 
zing the set {(a:i, ..., a;„, yi, ...,?/„) G R^” | Vf,j [xi ^ a;^]} 

The Resultant problem is the problem of computing for given x,y £ R" the 
resultant of x and y, Hi j(xi — yj) (cf. |B-()83| 1. Any algorithm for the Resultant 
problem can check whether the resultant yf 0, i.e. whether the sets {xi} and {yi} 
are disjoint, and therefore solve the Set Disjointness problem as well. 

It is not difficult to prove that the number of uertices ( 0- faces ) of the Bounded 

n2 

Integer Programming Problem Ln,k is at least (fc-l- 1 )t^, and the number of ^ — 
faces (assuming n is even) of the Element Distinctness is (|^)! (cf. |(IK1VIS97) 1. 

3 Computational Models 

We introduce now our underlying model of randomized computations, a rando- 
mized algebraic decision tree (RDT). 

An algebraic decision tree of degree d (d-DT) over R" is a rooted ternary 
tree. Its root and inner nodes are labelled by real multivariate polynomials 
g G R[a:i, . . . , a;„] of degree at most d, its leaves are marked ’’accepting” or 
’’rejecting”. A computation of a d-DT on an input x = {x\, . . . ,Xn) G R" con- 
sists of a sequence of traverses of a tree from the root to a leaf, always choosing 
the left/middle/right branch from a node labelled by a polynomial g according 
to the sign of g{xi, . . . ,Xn) {smaller/ equal/ greater than 0). The inputs x G R*^ 
arriving at accepting leaves form the set S C R" recognized (or computed) by 
the d-DT. 
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In this paper we deal with randomized algebraic decision trees of degree d 
(d-RDTs). A d-RDT over R" is a finite collection T = {Tq,} of d-DTs Tq, with 
the assigned rational probabilities Pa, = 1, of choosing (or randomized 

Ol 

compiling) out of the set {Tq,}. 

It is easily seen that the above model is equivalent to the other variant of 
a randomized algebraic decision tree allowing coin tosses at the special random 
nodes, and not charging for the random bits used. Our model of a d-RDT is 
also easily to be seen equivalent (up to a constant factor in depth) to the ’’equal 
probability” model with all trees having equal probabilities Pa = • The 

rest of the paper uses this simplified ’’equal probability” model, and identifies 
a d-RDT with a finite collection {Ti} of d-DTs. We say that such a d-RDT 
recognizes ( or computes) a set S C R", if it classifies every x G R" correctly 
(with respect to S) with probability at least 1 — e for some 0 < e < The 
parameter e bounds an error probability of computations of a d-RDT. 

It is readily seen that the class of sets S C R" recognizable by d-RDTs is 
closed under the complement. 

The depth of T = {Ti} is the maximum depth of T^’s in T. It is straight- 
forward to verify that the class of sets S C R" recognizable by d-RDTs is 
depth-invariant under changes of the error probability e in the interval (0, ^): 
for any two £i, £2 G (0, |), if 5” C R" is recognized by a d-RDT with error proba- 
bility £i, and depth t, it is also recognizable by a d-RDT with error probability 
£2 and depth 0{t) |M85cj . It is also known that a d-RDT with a worst case 
expected depth t, a notion used by some authors, can be simulated by a d-RDT 
with depth 0{t) ( [M'r85 | ) . 

4 Main Results 

We shall deal here with the randomized complexity of linear arrangements, and 
convex polyhedra. For the first class of sets several topological methods were 
developed for obtaining lower bounds for deterministic algebraic decision trees, 
and deterministic computation trees cf. pL78| . gSH2], EZIHal, [BLY.92! . |IS2l 
and [lY 94j . In Ben-Or [B-U8;ij a general deterministic lower bound l7(logC') was 
proven for C being the number of connected components of S' C R" or its 
complement. Yao (see also Bjorner, Lovasz and Yao pLY92j ) proved a 

decade later a deterministic lower bound l7(logx) for x the Euler characteristic 
of S C R". A stronger lower bound f2{logB) for B the sum of the Betti number 
of S C R" was proven later in Yao EHll- We have obvious inequalities C, x < R. 
For the second class of sets, convex polyhedra, the above topological methods 
fail because the invariant B = 1. For this class of sets, Grigoriev, Karpinski 
and Vorobjov |GKV97j introduced a drastically different method of counting 
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the number of faces of S' C R" of all dimensions. The new method transforms 
a set S C R" via ’’infinitesimal perturbations” into a smooth hypersurface and 
uses certain new calculus of principal curvatures on it. The resulting lower bound 
was f?(log N) for N being the number of faces of all dimensions provided N was 
large enough. 

All the above mentioned methods did not work, and this for the both classes 
of sets on the randomized algebraic decision trees, and this for a fundamental 
reason. In fact, they even did not seem to work for the linear decision trees; the 
gap in the proof of Meyer auf der Heide |M85a|| was firstly closed for the generic 
case by Grigoriev and Karpinski in unni]. The first very special randomized 
lower bounds were proven in Biirgisser, Karpinski and Lickteig jBKL93] . and 
Grigoriev and Karpinski EM- 

In this paper we survey some new general methods for proving lower bounds 
for d-RDTs recognizing linear arrangement and convex polyhedra. 

Let Hi C R", n<mbe the hyperplanes, and C R", 1 < 

i < m, n < m, the closed halfspaces. Define S = Hi, a linear arrangement, 
and S'+ = a polyhedron. 

In IGkMMf)7l the following general theorem was proven. 

Theorem 1. ( |GKMS97| ). Let e, c, S be any constants such that 0 < e < 
c >0, and C > S >0. There exists a constant c* >0 with the following property. 
If S (S~^) has at least k-faces for certain 0 < k < n, then the depth 

of any d-RDT computing S with the error probability e is greater than 

c*{n — k) logm for any degree d < cm^ . 

The original idea of this paper uses a nonarchimedean extension of a field, and 
consequently Tarski’s transfer principle Esa, and a leading term sign technique 
combined with a global labelled flag construction (attached to all k-faces along 
the path of a decision tree) for counting number of faces of all dimensions of the 
set S. 

We recall now the bounds of Section 2 on the number of k-faces of the n- 
dimensional restrictions of TVP-complete problems. The result above yields direc- 
tly the following concrete applications towards a Bounded Integer Programming 
Problem 

Ln,k = {x € R” I 3a G {0, ... , a>= /c]} (cf. [M85a]), 

and the Knapsack Problem K„ = Tn,i (cf. [M85b]. 

Corollary 1. 

(i) flfn?\og{k-\-l)) is a lower bound for the depth of any d-RDT computing the 
Bounded Integer Programming Problem Ln,k- 
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(a) J7(n^) is a lower bound for the depth of any d-RDT computing the Knapsack 
Problem. 

Theorem Ogives in fact much stronger lower bounds for non-constant degree 
d, d-RDTs. In the first case the sufficient condition on degree is d = i7((fc-|- 1)'*") 
for (5 < ^, in the second case d = f7(2‘^") for <5 < ^. 

It is also not too difficult to derive further randomized lower bounds 
(cf. !GKMS97j l. 

Corollary 2. l7(nlogn) is a lower bound for the depth of any d-RDT computing 
any of the following problems: 

(i) Element Distinctness, 

(ii) Set Disjointness, 

(Hi) Resultant. 

Corollary El holds also for the non-constant degree d-RDTs with d = D(n^) 
for d < 5 (cf. [KIK MS97| ). This leads us again to the very interesting computa- 
tional issue of the dependence of the actual computational power of d-RDTs on 
the degree bound d. 

It is also interesting to note that the proof method of |CKMS97] gives a new 
elementary technique for deterministic algebraic decision trees without making 
use of Milnor-Thom bound on Betti numbers of algebraic varieties. 

5 Randomized Speedup 

We shall investigate now the computational power of linear degree and sublinear 
depth n-RDTs and compare it with deterministic n-DTs. Such models can be 
easily simulated by randomized algebraic computational trees (CTs) in linear 
time. Also, it is easy to see that linear time CTs and linear time randomized 
CTs correspond to the non-uniform deterministic linear time and randomized 
linear time classes on the real number machine models (cf. ICkkbWhKI b 

Let us consider now the following permutational problem PERM {a) = 
{x\x € R", a; is a permutation of a} for a = (ui,...,an) S R", yf Uj for 
i ^ j. The number of connected components of PERM (a) equals nl and of its 
complement equals 1. By Ben-Or !b 7T83| the lower bound of any deterministic 
CT or any n — DT computing PERM (a) is f7(nlogn). However as noticed in 
[IBKf ;93] . there exists an n-RDT of constant depth computing PERM (a) as 
follows. Construct a polynomial p(C) = nr=i(C ~ ~ nr=i(C “ ^i) ^ I^[C]- We 

have X = {xi, ..., x^) G PERM{a) iff p{() = 0. The identity p{(() can be checked 
probabilistically by randomly chosing ( from the set 4n} and verifying 

whether p{() = 0. If p{() = 0, we decide that p{(() = 0 and x G PERM{a), 
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otherwise we have a witness that P(C) ^ 0 and x ^ PERM {a). The error pro- 
bability is bounded by Construct now 4n many n-DTs Tq having a single 
decision element p(C), T = {Tc}^g{i,..., 4 n}- T computes PERM{a) with error 
probability 

Lemma 1. (' |BKL93| b There are problems S C H" computable in 0(1) depth 
on n-RDTs which are not computable by any n-DT in depth o(n log n) 

The next separation results will be much more powerful in nature. We extend our 
underlying decision tree models to allow arbitrary analytic functions as decision 
elements (cf. [R.72| l. We denote such decision trees by A-DTs, and A-RDTs, 
respectively. 

Let us consider now the Octant Problem R” = {(xi,...,x„) S R"|a;i > 
0, ...,Xn > 0}, the problem of testing the membership to R". 

Rabin ITT7^ proved the following (see also KlkMMl)7l l 

Lemma 2. ( |R.72 |y Any A-DT computing R" has depth at least n. 

Grigoriev, Karpinski, Meyer auf der Heide and Smolensky were able 

to prove the following degree hierarchy result on randomized decision trees. 

Lemma 3. ( |GKMS97] y The depth of any d-RDT computing R" with error 
probability e G (0, |) is greater than or equal to ^(1 — 2e)^n. 

The Octant Problem is closely related to the well known MAX Problem: 
given n real numbers X\, . . . , x^, Xi G R, compute the maximum of them. Rabin 
Eza proved a sharp bound n — 1 on depth of any A-DT computing MAX . Ting 
and Yao |tYP| proved a dramatic improvement on the depth of the randomi- 
zed algebraic decision trees computing MAX for the case of pairwise distinct 
numbers (the leaves of a decision tree are labelled now by numbers 1, . . . , n). 

Theorem 2. (| [TY94| y There exists an n-RDT computing MAX problem for 
the case of pairwise distinct numbers in depth 0{log^n). 

We notice that the problem on whether x\ = max{xi, ...,Xn} is equivalent 
to the test whether {x\ — X 2 t--,x\ — x„) belongs to the octant R"“^. 

Grigoriev, Karpinski and Smolensky were able to extend the asser- 

tions of Lemma 3 and Theorem 2 to the following. 

Theorem 3. ( |GKS97j y There exists an n-RDT computing R" or deciding 
whether xi = max{xi, . . . ,Xn} in depth 0(log^ n). 



Theorem 4. ( |GKS97| y There exists an n-RDT computing MAX in depth 
0{log^n). 
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One notices a remarkable exponential randomized speed-up for the above 
problems having all (!) deterministic linear lower bounds, and this even for the 
general analytic decision trees ([ 0221 ). An important issue remains whether the 
randomized speed-up can be carried even further. Interestingly, Wigderson and 
Yao |WY98j proved the following result connected to the construction of [TY9^. 

Assume that the decision tree performs only tests of the form “x <V^\ x is 
smaller tYiaxi all elements in V . We call it a subset minimum test. The test of this 
form was used in the design of P3n3|. We denote a corresponding randomized 
decision tree (using the subset minimum test only) by SM-RDT. 

Theorem 5. (|WY98]). Every SM-RDT computing MAX problem has depth 
l7(log^ n/ log log n) . 

We turn now to the problems of proving lower bounds on the size of algebraic 
decision trees. Theorem 4 entails the subexponential size of n-RDTs computing 
MAX. 

In this context Grigoriev, Karpinski and Yao fni™i proved the first expo- 
nential deterministic size lower bound on (ternary) algebraic decision trees for 
MAX. It should be noted that there was no size lower bound greater than n — 1 
known before. 

The method used in this paper depends on the analysis of the so called 
“touching frequency” of the sets computed along the branches of a decision tree 
with the special ’’wall sets” related to the cellular decomposition of the set of 
(xi, . . . , Xn) G H” satisfying x\ = max{xi , . . . , Xn}. 

Theorem 6. ( |GKY98 |V Any (ternary) algebraic decision tree of degree d 
computing MAX problem in dimension n has size 17(2°^'^^") for the constant 
c{d) > 0 depending only on d. 

Grigoriev, Karpinski and Yao [GKY98] discovered also a new connection bet- 
ween a cellular decomposition of a set S C R" defined by polynomial constraints 
of degree d and the maximum number of minimal cutsets md,n of any rank-d 
hypergraph on n vertices. 

Theorem 7. ( [GKY98J V Any (ternary) algebraic decision tree of degree d 
computing MAX problem in dimension n has size at least 

Interestingly, Theorem 7 gives improvements of the constants c{d) used in 
Theorem 6. For any 2-DT computing MAX problem, c{d) computed via Theo- 
rem 7 is ~ 0.47, and via Theorem 6 is ~ 0.18 (cf. |GKY98j b 

We are still lacking basic general methods for proving nontrivial lower bo- 
unds on the size (number of inner nodes) of both d-DTs, and d-RDTs with an 
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exception of linear decision trees. In most cases the topological, and face coun- 
ting methods cannot even deal with the questions about the size lower bounds 
of the very weak form: ”is the size t+1 necessary?” for t a known lower bound 
on the depth of algebraic decision trees. 

6 Extensions 

We will turn now to the model of a randomized computation tree (RCT) 
modeling straight line computation in which we charge for each arithmetic 
operation needed to compute its decision elements (cf. [IH-()8,S] L 

The papers generalize the results of Section 4 to the case of 

RCT s using some new results on the border (generalization of the border rank 
of a tensor) and multiplicative complexity of a polynomial. 

Theorem 8. ( |QK97| , [G98] b 

(i) l7(n^log(fc -I- 1)) is a lower bound for the depth of any RCT computing the 
bounded Integer Programming Problem Ln^k- 
(a) fl{n^) is a lower bound for the depth of any RCT computing the Knapsack. 
(Hi) l7(nlogn) is a lower bound for the depth of any RCT computing the Element 
Distinctness. 

An important issue remains, and this in both cases, deterministic and rando- 
mized, about the generalization of algebraic decision trees and computation trees 
to the “ultimate models” of branching programs obtained by merging together 
equivalent nodes in a decision tree. An extended research on the boolean model 
of a branching program was carried throughout the last decade (cf., e.g., Borodin 
I5M1 . Razborov for deterministic programs, and Karpinski EMa, EMEl, 
Thathachar EnHi for randomized ones) . Much less is known about the model of 
algebraic branching programs, see also Yao 

7 Open Problems and Fnrther Research 

An important issue of the tradeoffs between the size and the depth of algebraic 
decision trees, computational trees, and branching programs remains widely 
open. We are not able at the moment, as mentioned before, to prove any non- 
trivial lower bound on the size of algebraic decision trees for the n-dimensional 
restrictions of NP-complete problems like Knapsack or Bounded Integer Pro- 
gramming (cf. EH2, iM85b| . Enni)- Nor can we prove any randomized size 
upper bounds for these problems better than the best known deterministic ones. 
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For the recent randomized lower bounds for the Nearest Neighbor Search Pro- 
blem on the related cell probe model see also |BOR99j . It will be very interesting 
to shed some more light on this model and also other related models capturing 
hashing and reflecting storage resources required by an actual geometric com- 
putation. 

Major problems remain open about the randomized decision complexity of 
concrete geometric problems expressed by simultaneous positivity of small degree 
polynomials, like quadratic or cubic ones, or the existential problems of simul- 
taneous positivity of small degree polynomials, corresponding to an algebraic 
version of the SAT problem. □ 

Note. Research partially supported by the DFG Grant KA 673/4-1, ESPRIT 
BR Grants 7079, 21726, and EG-US 030, by DIMAGS, and by the Max-Planck 
Research Prize. 



References 



[AHU74] 

[B-083] 

[BLY92] 

[B93] 

[BOR99] 

[BKL93] 

[CKKLW95] 

[DL78] 

[E87] 

[FK95] 

[G67] 



A.V. Aho, J.E. Hopcroft and J.D. Ullman, The Design and Analysis of 
Computer Algorithms, Addison- Wesley, 1974. 

M. Ben-Or, Lower Bounds for Algebraic Computation Trees, Proc. 15th 
ACM STOC (1983), pp. 80-86. 

A. Bjorner, L. Lovasz and A. Yao, Linear Decision Trees: Volume Esti- 
mates and Topological Bounds, Proc. 24th ACM STOC (1992), pp. 170- 
177. 

A. Borodin, Time Space Tradeoffs (Cetting Closer to the Barrier?), 
Proc. ISAAC’93, LNCS 762 (1993), Springer, 1993, pp. 209-220. 

A. Borodin, R. Ostrovsky and Y. Rabani, Lower Bounds for High Di- 
mensional Nearest Neighbour Search and Related Problems, Proc. 31st 
ACM STOC (1999), pp. 312-321. 

P. Biirgisser, M. Karpinski and T. Lickteig, On Randomized Algebraic 
Test Complexity, J. of Complexity 9 (1993), pp. 231-251. 

F. Cucker, M. Karpinski, P. Koiran, T. Lickteig, K. Werther, On Real 
Turing Machines that Toss Coins, Proc. 27th ACM STOC (1995), 
pp. 335-342. 

D.P. Dobkin and R. J. Lipton, A Lower Bound of on Linear Search 
Programs for the Knapsack Problem, J. Compt. Syst. Sci. 16 (1978), 
pp. 413-417. 

H. Edelsbrunner, Algorithms in Computational Geometry, Springer, 
1987. 

R. Freivalds and M. Karpinski, Lower Time Bounds for Randomi- 
zed Computation, Proc. 22nd ICALP’95, LNCS 944, Springer, 1995, 
pp. 183-195. 

B. Griinbaum, Convex Polytopes, John Wiley, 1967. 



[GK93] 

[GK94] 

[GK97] 

[GKMS97] 

[GKS97] 

[GKV97] 

[GKY98] 

[G98] 

[K98a] 

[K98b] 

[KM90] 

[KV88] 

[L84] 

[MT85] 

[M93] 

[M84] 

[M85a] 

[M85b] 



Randomized Complexity of Linear Arrangements and Polyhedra 1 1 

D. Grigoriev and M. Karpinski, Lower Bounds on Complexity of Testing 
Membership to a Polygon for Algebraic and Randomized Computation 
Trees, Technical Report TR-93-042, International Computer Science In- 
stitute, Berkeley, 1993. 

D. Grigoriev and M. Karpinski, Lower Bound for Randomized Linear 
Decision Tree Recognizing a Union of Hyperplanes in a Generic Position, 
Research Report No. 85114-CS, University of Bonn, 1994. 

D. Grigoriev and M. Karpinski, Randomized Lower Bound for 

Knapsack, Proc. 29th ACM STOC (1997), pp. 76-85. 

D. Grigoriev, M. Karpinski, F. Meyer auf der Heide and R. Smolensky, A 
Lower Bound for Randomized Algebraic Decision Trees, Comput. Com- 
plexity 6 (1997), pp. 357-375. 

D. Grigoriev, M. Karpinski, and R. Smolensky, Randomization and the 
Computational Power of Analytic and Algebraic Decision Trees, Com- 
put. Complexity 6 (1997), pp. 376-388. 

D. Grigoriev, M. Karpinski and N. Vorobjov, Lower Bound on Testing 
Membership to a Polyhedron by Algebraic Decision Trees, Discrete Com- 
put. Geom. 17 (1997), pp. 191-215. 

D. Grigoriev, M. Karpinski and A. C. Yao, An Exponential Lower Bo- 
und on the Size of Algebraic Decision Trees for MAX, Computational 
Complexity 7 (1998), pp. 193-203. 

D. Grigoriev, Randomized Complexity Lower Bounds, Proc. 30th ACM 
STOC (1998), pp. 219-223. 

M. Karpinski, On the Computational Power of Randomized Branching 
Programs, Proc. Randomized Algorithms 1998, Brno, 1998, pp. 1-12. 
M. Karpinski, Randomized OBDDs and the Model Checking, Proc. Pro- 
babilistic Methods in Verification, PROBMIV’98, Indianapolis, 1998, 
pp. 35-38. 

M. Karpinski and F. Meyer auf der Heide, On the Complexity of Genui- 
nely Polynomial Computation, Proc. MFCS’90, LNCS 452, Springer, 
1990, pp. 362-368. 

M. Karpinski and R. Verbeek, Randomness, Provability, and the Separa- 
tion of Monte Carlo Time and Space, LNCS 270 (1988), Springer, 1988, 
pp. 189-207. 

S. Lang, Algebra, Addison- Wesley, New York, 1984. 

U. Manber and M. Tompa, Probabilistic, N ondeterministic and Alterna- 
ting Decision Trees, J. ACM 32 (1985), pp. 720-732. 

S. Meiser, Point Location in Arrangements of Hyperplanes, Information 
and Computation 106 (1993), pp. 286-303. 

F. Meyer auf der Heide, A Polynomial Linear Search Algorithm for the 
n-Dimensional Knapsack Problem, J. ACM 31 (1984), pp. 668-676. 

F. Meyer auf der Heide, N ondeterministic versus Probabilistic Linear 
Search Algorithms, Proc. IEEE FOCS (1985a), pp. 65-73. 

F. Meyer auf der Heide, Lower Bounds for Solving Linear Diophantine 
Equations on Random Access Machines, J. ACM 32 (1985), pp. 929-937. 




12 



M. Karpinski 



[M85c] 

[M64] 

[R72] 

[R91] 

[SP82] 

[S85] 

[SY82] 

[T51] 

[T98] 

[T65] 

[TY94] 

[WY98] 

[Y81] 

[Y82] 

[Y92] 

[Y94] 



F. Meyer auf der Heide, Simulating Probabilistic by Deterministic Al- 
gebraic Computation Trees, Theoretical Computer Science 41 (1985c), 
pp. 325-330. 

J. Milnor, On the Betti Numbers of Real Varieties, Proc. Amer. Math. 
Soc. 15 (1964), pp. 275-280. 

M.O. Rabin, Proving Simultaneous Positivity of Linear Forms, J. Corn- 
put. Syst. Sciences 6 (1972), pp. 639-650. 

A. Razborov, Lower Bounds for Deterministic and Nondeterministic 
Branching Programs, Proc. FCT’91, LNCS 529, Springer, 1991, pp. 47- 
60. 

J. Simon and W.J. Paul, Decision Trees and Random Access Machi- 
nes, L’Enseignement Mathematique. Logic et Algorithmic, Univ. Ge- 
neva, 1982, pp. 331-340. 

M. Snir, Lower Bounds for Probabilistic Linear Decision Trees, Theor. 
Comput. Sci. 38 (1985), pp. 69-82. 

J.M. Steele and A.C. Yao, Lower Bounds for Algebraic Decision Trees, 
J. of Algorithms 3 (1982), pp. 1-8. 

A. Tarski, A Decision Method for Elementary Algebra and Geometry, 
University of California Press, 1951. 

J. S. Thathachar, On Separating the Read-k-Times Branching Program 
Hierarchy, Proc. 30th ACM STOC (1998), pp. 653-662. 

R. Thom, Sur L ’Homologie des Varieetes Algebriques Reelles, Princeton 
University Press, Princeton, 1965. 

H.F. Ting and A.C. Yao, Randomized Algorithm for finding Maximum 
with 0((logn)^) Polynomial Tests, Information Processing Letters 49 
(1994), pp. 39-43. 

A. Wigderson and A.C. Yao, A Lower Bound for Finding Minimum on 
Probabilistic Decision Trees, to appear. 

A.C. Yao, A Lower Bound to Finding Convex Hulls, J. ACM 28 (1981), 
pp. 780-787. 

A.C. Yao, On the Time-Space Tradeoff for Sorting with Linear Queries, 
Theoretical Computer Science 19 (1982), pp. 203-218. 

A.C. Yao, Algebraic Decision Trees and Euler Characteristics, Proc. 33rd 
IEEE FOCS (1992), pp. 268-277. 

A.C. Yao, Decision Tree Complexity and Betti Numbers, Proc. 26th 
ACM STOC (1994), pp. 615-624. 




Tile Transition Systems as 
Structured Coalgebras* 



Andrea Corradini^, Reiko Heckel^, and Ugo Montanari^ 



^ Dipartimento di Informatica, Universita degli Studi di Pisa, 

Corso Italia, 40, I - 56125 Pisa, Italia, {andrea, ugo}@di .unipi . it 
^ Universitat GH Paderborn, FB 17 Mathematik und Informatik, 
Warburger Str. 100, D-33098 Paderborn, Germany, reiko@uni-paderborn.de 



Abstract. The aim of this paper is to investigate the relation between 
two models of concurrent systems: tile rewrite systems and coalgebras. 
Tiles are rewrite rules with side effects which are endowed with opera- 
tions of parallel and sequential composition and synchronization. Their 
models can be described as monoidal double categories. Goalgebras can 
be considered, in a suitable mathematical setting, as dual to algebras. 
They can be used as models of dynamical systems with hidden states in 
order to study concepts of observational equivalence and bisimilarity in 
a more general setting. 

In order to capture in the coalgebraic presentation the algebraic struc- 
ture given by the composition operations on tiles, coalgebras have to be 
endowed with an algebraic structure as well. This leads to the concept 
of structured coalgebras, i.e., coalgebras for an endofunctor on a category 
of algebras. 

However, structured coalgebras are more restrictive than tile models. 
Those models which can be presented as structured coalgebras are cha- 
racterized by the so-called horizontal decomposition property, which, in- 
tuitively, requires that the behavior is compositional in the sense that all 
transitions from complex states can be derived by composing transitions 
out of component states. 



1 Introduction 

Tile logic relies on certain rewrite rules with side effects, called basic 

tiles, reminiscent of SOS rules ^2] and context systems IZH. Related models are 
structured transition systems m as well as rewriting logic which extends 

to concurrent systems with state changes the body of theory developed within 
the algebraic semantics approach. Tile logic has been conceived with similar aims 
and similar algebraic structure as rewriting logic, and it extends rewriting logic 

* Research partially supported by MURST project Teeniche Formali per Sistemi Soft- 
ware, by GNR Integrated Project Metodi per Sistemi Connessi mediante Reti, by 
TMR Network GETGRATS and by Esprit WGs APPLIGRAPH, GONPER2 and 
GOORDINA. 
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(in the unconditional case), since it takes into account state changes with side 
effects and synchronization. 

We now brieffy introduce tile logic. A tile A is a sequent which has the form: 

A: s — > s 

b 

and states that the initial configuration s of the system evolves to the final con- 
figuration s' producing an effect b. However s is in general open (not closed) 
and the rewrite step producing the effect b is actually possible only if the sub- 
components of s also evolve producing the trigger a. Both trigger a and effect 
b are called observations, and model the interaction, during a computation, of 
the system being described with its environment. More precisely, both system 
configurations are equipped with an input and an output interface, and the trig- 
ger just describes the evolution of the input interface from its initial to its final 
configuration. Similarly for the effect. It is convenient to visualize a tile as a 
two-dimensional structure (see Figure ^), where the horizontal dimension corre- 
sponds to the extension of the system, while the vertical dimension corresponds 
to the extension of the computation. Actually, we should also imagine a third 
dimension (the thickness of the tile), which models parallelism: configurations, 
observations, interfaces and tiles themselves are all supposed to consist of several 
components in parallel. 

The initial configuration of a tile A can also be called north (A), and likewise 
south(A), west(A) and east(A) stands for final configuration, trigger and effect, 
respectively. 
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Fig. 1: A tile. 



Configurations and observations are sometimes terms over a horizontal and 
a vertical signature, but for lots of applications to distributed systems it is con- 
venient to employ various kinds of graphs, diagrams and charts Also suitable 
structural axioms can be imposed on terms or graphs. 
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Tiles are equipped with inference rules expressing three operations of compo- 
sition: parallel (-0-), horizontal (-*-), and vertical (_•_) composition. Similarly, 
both configurations and observations are assumed to be equipped with operations 
of parallel and sequential composition, and interfaces with parallel composition 
only. 

The operation of parallel composition is self explanatory. Vertical composi- 
tion models sequential composition of transitions and computations. Horizontal 
composition corresponds to synchronization: the effect of the first tile acts as 
trigger of the second tile, and the resulting tile expresses the synchronized be- 
havior of both. 

In tile logic, a tile rewrite system provides signatures for configurations and 
observations and a set of basic tiles. Proofs start from basic tiles and apply the 
composition rules in all possible ways. The structure of tiles entailed in this way 
is specified by proof terms, built from the basic tiles used in the derivation and 
from the composition operations performed on them, up to certain structural 
axioms. Following the usual Curry-Howard analogy, proof terms are tiles, and 
their horizontal and vertical sources and targets are their types. However, quite 
often, proof terms are not relevant, and thus are omitted, or equivalently an 
additional normalizing axiom is introduced stating that two proof terms are 
the same whenever they have the same sources and targets. This is the case 
throughout in the paper. 

Tile models are monoidal double categories. A double category US] consists 
of four collections: objects, horizontal arrows, vertical arrows and cells, which 
correspond respectively to interfaces, configurations, observations and tiles of tile 
logic. Horizontal arrows with objects form the horizontal 1-category, and cells 
with vertical arrows form the horizontal 2-category. Contemporary horizontal 
composition of horizontal arrows and cells corresponds to horizontal composition 
of tile sequents. Similarly for the vertical dimension. Monoidal double categories 
have an additional operation which applies to the four collections above and 
which on tile sequents corresponds to parallel composition. If the tile logic is 
flat, i.e., it forgets about proof terms, it is appropriate to consider only flat 
models, too. A double category is flat if all the cells with the same sources and 
targets are identified. 

Tile rewrite systems are interpreted as computads, i.e., algebraic structures 
consisting again of objects, horizontal and vertical arrows, and cells, but where 
only 1-categories are defined. In the monoidal version of tile logic, configurations 
and observations are arrows of strict monoidal categories generated by two hyper- 
signatures. A more direct representation of configurations and observations relies 
on certain hypergraphs analogous to Petri sequential processes [fl. In the initial 
model, the tiles entailed by a tile rewrite system can now be interpreted as cells. 
More precisely, the initial model can be constructed as the monoidal double 
category freely generated by the computad corresponding to the tile rewrite 
system m- 

Additional operations and axioms can be imposed on proof terms, configu- 
rations and observations whenever extra structure is required. Correspondingly, 
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tile models are enriched and the construction of the initial models adapted. 
Symmetric monoidal, cartesian 0 and cartesian closed versions ^ of tiles have 
been defined. Moreover, different structures for configurations, observations and 
proof terms can be introduced to tailor the logic and the models to the specific 
needs of the applications. An expressive specification language for this purpose 
is membership equational logic I24I26I , which has also been used to map tile logic 
into rewriting logic for implementation purposes |5] . Of course these enriched tile 
models are still special cases of the basic models of monoidal double categories. 
Hence, the results of this paper apply. 

As it should be clear from the informal introduction above, the main inten- 
ded application area of tile logic are distibuted, interactive, open systems. In 
fact, tiles allow to model directly distribution (via the use of graphs to repre- 
sent configurations), interaction (via triggers and effects) and openness (via the 
instantiation of free variables in configurations). In addition, tiles introduce rich 
forms of compositionality and induction based on their operations. Examples 
of applications are CCS with localities |5|, 7r-calculus m and coordination of 
distributed systems P^ . 

The operational semantics of interactive systems is usually given in terms of 
labeled transition systems, and their abstract semantics in terms of sets of traces, 
or up to bisimilarity. When compositionality is an issue, semantic equivalence 
must be shown to be a congruence with respect to composition operations. The 
labeled transition systems associated to tile models are straightforwardly defined: 
horizontal arrows are states, tiles are transitions and pairs (trigger, effect) are 
labels. Tile bisimilarity is then defined in the standard way. It is also natural to 
define tile congruences as those equivalences of states, i.e., of horizontal arrows, 
which are functorial, i.e., which preserve their monoidal structure (identities, 
parallel composition and sequential composition). 

The problem of finding sufficient conditions on tile rewrite systems to en- 
sure that bisimilarity is a congruence in the initial model has been considered 
in m- The problem is divided in two parts. First a semantic condition, called 
decomposition property is defined on tile models, and it is shown that decom- 
position implies that bisimilarity is a congruence. The horizontal decomposition 
property is defined as follows. Whenever the vertical source h (which is a ho- 
rizontal arrow) of a cell A can be sequentially decomposed ss h = h\ \ h 2 , then 
also the cell itself must be horizontally decomposable as A = Ai * A 2 , where hi 
and /i 2 are the vertical sources of Ai and A 2 respectively. A similar condition is 
required for parallel composition. Informally, decomposition means that, given 
any computation A of a system h, and any subsystem h' of h, a computation 
A' of h' should exist which is a subcomputation of A. The second part consists 
in providing a syntactic condition, called basic source property, on tile rewrite 
systems: all rewrite rules must have just signature operators (i.e., basic graphs) 
as initial configurations and effects. It is possible to see that the basic source 
property ensures the decomposition property in the initial model, provided that 
there are no structural axioms in the specification. 
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The aim of this paper is to recast tile models enjoying a slightly stronger 
decomposition property (which we call reflective decomposition) as structured 
coalgebras. The use of coalgebras for the specification of dynamical systems with 
a hidden state space is receiving more and more attention in the last years, as a 
valid alternative to algebraic methods based on observational equivalences m- 
Given an endofunctor F on a category C, a coagebra is an arrow / : X — >■ F{X) 
of C and a coalgebra morphism from / to /' is an arrow h : X — ?> X' of 

C with h ; f' = f ;F{h). Under certain conditions on C and F, a category 
of coalgebras admits a final object, which can be considered informally as the 
minimal realization of the union of all the coalgebras in the category. 

Ordinary labeled transition systems (with finite or countable branching) can 
be represented as coalgebras for a suitable functor on Set. Furthermore, the 
unique morphism to the final coalgebra induces an equivalence which turns out 
to be exactly bisimilarity. Thus a first (rather straightforward) result of this 
paper is to show that tile models, seen as transition systems, can be considered 
as coalgebras and that their bisimilarity can be derived coalgebraically. 

However, this representation forgets about the algebraic structure on hori- 
zontal arrows, which are seen just as forming a family of sets. As a consequence, 
the property that bisimilarity is a congruence, which is essential for making 
abstract semantics compositional, is not reflected in the structure of the model. 

The problem of integrating coalgebras and algebras obtaining a model equip- 
ped with both structures has been tackled in Ilt2l . and an alternative but equi- 
valent approach based on structured coalgebras is presented in [S^KIj . Here, the 
endofunctor determining the coalgebraic structure is lifted from Set to the cate- 
gory of F-algebras, for some algebraic theory F. Morphisms between coalgebras 
in this category are both F-homomorphisms and coalgebra morphisms, and thus 
the unique morphism to the final coalgebra, which always exists, induces a (co- 
arsest) bisimulation congruence on any coalgebra. 

The second result of this paper is to show that by taking as F the theory 
of monoidal categories, a necessary and sufficient condition for the lifting to oc- 
cur is reflective horizontal decomposition. Thus we obtain in another way that 
decomposition implies bisimilarity to be a congruence. Reflective decomposition 
additionally requires that cells with vertical sources which are horizontal iden- 
tities must be identities for the horizontal composition of cells. It is easy to see 
that the basic source property implies also this extra condition for the initial 
model. 

The paper is organized as follows. After introducing monoidal double ca- 
tegories in Section El Section 0 defines tile rewrite systems and their models, 
bisimilarity and functoriality, as well as the horizontal decomposition and basic 
source properties. Section 0 provides the necessary background on structured 
coalgebras. Section 0 presents tile transition systems as coalgebras over families 
of sets, while Section 0 provides the lifting of the algebraic structure. Finally in 
Section Q as a case study, we show how the calculus of communicating systems 
(CCS) EH can be recast in the tile framework as well as in terms of structured 
coalgebras. 
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2 Monoidal Double Categories 

A double category is an internal category in the category of categories. Equiva- 
lently, double categories can be specified by a theory which is the tensor produd0 
of the theory of categories with itself. The theory of monoidal double categories 
can be obtained as the tensor product of the theory of categories (twice) with 
the theory of monoids. Thus, one can argue that if the desired model of com- 
putation must have operations of parallel and horizontal composition (to build 
more parallel and larger systems) and of vertical composition (to build longer 
computations), then monoidal double categories are the most natural answer. 

Here we give a more direct presentation of double categories, as done by 
Kelly and Street m- 

Definition 1 (double category). A double category T> consists of a collec- 
tion a,b,c, ... of objects, a collection h,g, f, ... of horizontal arrows, a collection 
v,u,w,... of vertical arrows and a collection A, B,C, ... of cells. 

Objects and horizontal arrows form the horizontal 1-category "H (see Fi- 
gure H), with identity id°^ for each object a, and composition _ * 







9 


h*g 




a - 


— - — > b * b 


y c = a - 


^ c 


a y a 



Fig. 2: Composition and identities in the horizontal 1-category. 



Objects and vertical arrows form also a category, called the vertical 1-category 
V (see Figure 0), with identity ida for each object a, and composition _ • _ (so- 
metimes we will refer to both id°^ and ida either with the object name a or with 
ida ) 

Cells are assigned horizontal source and target (which are vertical arrows) 
and vertical source and target ( which are horizontal arrows ); furthermore sour- 
ces and targets must be compatible, in the sense that, given a cell A, with vertical 
source h, vertical target g, horizontal source v, and horizontal target u, then h 
and V have the same source, g and u have the same target, the target of h is 
equal to the source of u, and the target of v is equal to the source of g. These 
constraints can be represented by the diagram in Fiqure\^ for which we use the 
notation A : h — - — > q. 

In addition, cells can be composed both horizontally (- * -) and vertically 
(-■ -) as follows: given A : h — g, B ■. f — k, and C : g — ^ — )• h' , then 

A*B : {h* f) — {g * k), and A-C : h > h' are cells. Both compositions 

^ Tensor product (see for instance m is a well-known construction for ordinary 
algebraic (Lawvere) theories. It can be extended to theories with partial operations 
(e.g. PMEqtl |2S1) with essentially the same properties. 
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Fig. 3: Composition and identities in the vertical 1-category. 



can be pictured by pasting the diagrams in Figure 0 Moreover, given a fourth 
cell D : k — ^ f', horizontal and vertical compositions verify the following 
exchange law (see also Figure 1 ^; 

{A - C) * {B ■ D) = {A* B) ■ {C * D) 
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5 - 
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A 


u 






' 





Fig. 4: Graphical representation of a cell. 



Under these rules, cells form both a horizontal category T>* and a vertical 
category V' , with respective identities 1„ : a — 1 c and : h — h. Given 

: h — ^ — > h and 1 ® : g — ^ — > g, the equation = 1 ^*® must hold 

(and similarly for vertical composition of horizontal identities), as illustrated in 
Figure Furthermore, horizontal and vertical identities of identities coincide, 
i.e., lida = 1 *"^ o,nd are denoted by the simpler notation (or just a). 

A flat double category satisfies the additional condition that two cells with 
the same horizontal and vertical sources and targets are the same cell. 

Remark 1. As a, matter of notation, sometimes we will use _ to denote the 
composition on both the horizontal and vertical 1-categories. 
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Definition 2 (double functor). Given two double categories V and E, a 
double functor F : T> — > E is a 4-tupls of functions mapping objects to ob- 
jects, horizontal and vertical arrows to horizontal and vertical arrows, and cells 
to cells, preserving identities and compositions of all kinds. 

A monoidal double category, for the strict case, is defined as follows. 

Definition 3 (strict monoidal double category) . A strict monoidal double 
category, sMD in the following, is a triple (2?,(g),e), where: 

— V is the underlying double category, 

— ®:V X T> — > V is a double functor called the tensor product, and 

— e is an object ofT> called the unit object, 

such that the following diagrams commute: 



0x1 

V xV X V >V X V 



Ix®^ 

VxV 





V 



where double functor 1 : T> — > T> is the identity on T>, the double functor e : 
T> — > T> (with some abuse of the notation) is the constant double functor which 
associates the object e and identities on e respectively to each object and each 
morphism/cell ofT>, and denotes the pairing of double functors induced by 
the cartesian product of double categories. These equations state that the tensor 
product _ 0 _ is associative on both objects, arrows and cells, and that e is the 
unit for _ 0 

A monoidal double functor is a double functor which preserves tensor product 
and unit object. We denote by fsMDCat the category of flat monoidal double 
categories and monoidal double functors. 



3 Tile Rewrite Systems 

We now introduce (the fiat monoidal versions of) tile rewrite systems and tile 
logic. Informally, a tile rewrite system is a set of double cells which, by horizontal, 
vertical and parallel composition, freely generate a monoidal double category. In 
the fiat, monoidal version, the 1-categories of horizontal and vertical arrows are 
the strict monoidal categories freely generated by a horizontal and a vertical 
(hyper-) signature, which share the same set of sorts. The resulting monoidal 
double category is fiat, i.e., two cells with the same horizontal and vertical source 
and target are identified. 

Definition 4 (many-sorted hyper-signature). Given a set S of sorts, a 
(many-sorted, hyper) signature is an S* x S* -indexed family of sets E = 
{i7„ m}(n,m)eS*xS*; whcrc S* denotes the free monoid on set S. Each f G En^m 
is denoted by f : n ^ m. 
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Definition 5 (monoidal category freely generated by a signature). Gi- 
ven a signature E, M(27) is the strict monoidal category freely generated by 



E. 



Definition 6 (tile rewrite systems). A monoidal tile rewrite system T is 
a quadruple {S, Eh, Ey, R) , where Eh,Ey are signatures on the same set S of 
sorts, and R C M(A’;j) x M(i7^) x M(27„) x M(A'/j) is the set o/ rewrite rules, 
such that for all (h,v,u,g) G R, we have h : n ^ m, g : k ^ I if and only if 
V : n ^ k,u : m ^ 1. 

For {h, V, u,g) G R we use the notation h — g, or we depict it as a tile 



n 



h 



■¥ m 




thus making explicit the source and target of each operator. 

The rules of a tile rewrite system can be considered as its basic sequents. 
In the following, we say that h rewrites to g, using a trigger v and producing 
an effect u, if the (flat) sequent h — g can be obtained by finitely many 
applications of certain inference rules. 

Definition 7 (tile sequents). Let T = {S, Eh, Ey, R) be a monoidal tile 
rewrite system. We say that T entails the tile sequent h — g, written 

T \- h — g, if and only if it can be obtained by a finite number of appli- 
cations of the inference rules given in Table 1. 

Basic rules provide the generators of the sequents, together with suitable 
identity arrows, whose intuitive meaning is that an element of M(27^) may stay 
idle during a rewrite, showing no effect and using no trigger. Similarly, a hori- 
zontal identity may be rewritten to itself whenever trigger and effect are equal. 
Composition rules express the way in which sequents can be combined, either 
sequentially (vert), or executing them in parallel (par), or nesting one inside the 
other {hor). 

It is easy to see that the tiles entailed by a tile rewrite system are the cells 
of a double category. 

Proposition 1 (from tile rewrite systems to double categories). Given a 
monoidal tile rewrite system T = {S, Eh, Ey, R) , the flat monoidal double cate- 
gory Ft{T) has M(27^) as horizontal 1-category, M(i7„) as vertical 1-category, 
and the flat tile sequents entailed by T as double cells. 

The models of a tile rewrite systems are defined as follows. 
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Table 1: Inference rules for monoidal tile sequents. 



Proposition 2 (models of tile rewrite systems). Given a tile rewrite system 
T, its category of flat models is the comma category (Fx{T) i fsMDCat). 

Notice that the models are themselves double categories and that Ft{T) is 
initial in the category of models of F- However, in the following we will not be 
interested in morphisms relating only the models of a single tile rewrite system, 
since abstraction based on bisimilarity may relate several of them. Thus in the 
following we will consider generic models, i.e., just monoidal double categories. 
We now introduce the ordinary notions of transition system and bisimilarity. 

Definition 8 (labeled transition systems). Let L he a fixed set of labels. A 
(nondeterministic) labeled transition system (over L), briefly LTS, is a structure 
TS = {S , — >Ts)> where S is a set of states, and — >tsQ S x L x S is a labeled 
transition relation. As usual, we write s —^ts s' for {s,l,s') G — >ts- 

A transition system morphism f : TS ^ TS' is a function f : S ^ S' 
which “preserves” the transitions, i.e., such that s ~^ts t implies f{s) ~^ts' 
f{t). We will denote by LTS^ the category of LTS over L and corresponding 
morphisms. 

Definition 9 (bisimilarity). Given a LTS TS = {S , — >ts)> equivalence 

relation = on S is a bisimulation if, whenever Si = S2, then for any transition 
Si — Si there exists a corresponding transition S2 —^ts s'2 with s( = s^. 
The maximal bisimulation is called bisimilarity, and denoted by ^ts- 
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Operational bisimilarity of double categories is defined in the straightforward 
way hinted at in the Introduction. 

Definition 10 (bisimilarity for double categories). Let T> be a double ca- 
tegory, and let TSx> be the labeled transition system where labels are pairs (v,u) 

of vertical arrows, states are horizontal arrows h, and h ^—^ts 9 if o,nd only if 
there is a cell A: h — ^ — > g. Two horizontal arrows are operationally bisimilar, 
hi ^op h2, iff hi ^ 2 - 

Definition 11 (functorial equivalence relation). Let V be a monoidal 
double category. An equivalence relation hi /i2 on the horizontal arrows is 
functorial for T> if, whenever h =f g, h' g' for generic horizontal arrows 
h,h',g,g', then h]h'=± g]g' (whenever defined) and h ® h' =f g ® g' . 

In other words, we are requiring that the quotient category of the horizontal 
1 -category of T> is well-defined, and it is monoidal. In general, it is not true 
that operational bisimilarity is also functorial. The following results (adapted 
from IE]) provide a characterization of such a property in terms of horizontal 
decomposition. The results hold for any monoidal double category, in particular 
for a flat one. 

Definition 12 (horizontal tile decomposition). LetV be a monoidal double 
category. We say that it is horizontally decomposable (or that it verifies the 
horizontal decomposition property^ if 

1 . whenever there is a cell A\ hi;h2 — ^ — > g, then there are also cells Ai : 

hi 2 > gi and A2 : /12 ^ > 52 with A = Ai * A2; 

2 . whenever there is a cell A: hi® h2 — g, then there are also cells Ai : 

hi — gi and A2 : /12 — 92 with A = Ai ® A2. 

Category T> verifies the reflective horizontal decomposition property if, in addi- 
tion, for each cell A: f — g, f = a implies A = 1 „ : a — — ;■ a, and f = e 

implies A = e\ e — ^ — > e. 

Proposition 3 (decomposition implies that bisimilarity is functorial). 

Let T> be a monoidal double category. Lf it verifies the horizontal decomposition 
property, then operational bisimilarity ^op is functorial. 

The notions of bisimilarity, functoriality and (reflective) horizontal decom- 
position can be defined also for a tile rewrite system T: it is enough to check if 
they hold for Ft{T). Notice in particular that for T the operational bisimilarity 
^op is a relation on configurations. 

Given a tile rewrite system F, it may be difficult to check if it is decom- 
posable (and thus if its operational bisimilarity is functorial). We can provide a 
syntactical property of T that implies reflective decomposition. 
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Proposition 4 (basic source property and decomposition). Let T = 

{S, Sfi, Sy,R) be a tile rewrite system such that, for all h — g G R, h G 

and u G Sv (hence, both initial configuration and effect are just operators). Then 
Ft{T) verifies the reflective horizontal decomposition property. 

4 Coalgebras and Structured Coalgebras 

As recalled in the introduction, the use of coalgebras for the specification of 
dynamical systems with a hidden state space is receiving more and more at- 
tention in the last years, as a valid alternative to algebraic methods based on 
observational equivalences EE2. 

In this section we first introduce the standard way to represent labeled tran- 
sition systems as coalgebras for a suitable powerset functor and then we 
discuss how this encoding can be lifted to a more structured framework, where 
the coalgebraic representation keeps the relevant algebraic structure of the sta- 
tes and transition of the encoded system. Let us start introducing the formal 
definition of coalgebra for a functor. 

Definition 13 (coalgebras). Let B : C ^ C be an endofunctor on a category 
C. A coalgebra for B or i?-coalgebra is a pair {A, a) where A is an object of C 
and a : A — >■ B{A) is an arrow. A i?-cohomomorphism / : {A, a) — >■ {A', a') is 
an arrow f \ A ^ A! of C such that 

f-,a' = a;B{f). (1) 

The category of B-coalgebras and B-cohomomorphisms will be denoted 
i?-Coalg. The underlying functor U : S-Coalg — >■ C maps an object {A, a) 
to A and an arrow f to itself. 

Let Pl ■ Set — >■ Set be the functor defined as X V{L x X) where L is a 
fixed set of labels and V denotes the powerset functor. Then coalgebras for this 
functor are one-to-one with labeled transition systems over L Up- 

Proposition 5 (labeled transition systems as coalgebras). Category 
Pi-Coalg is isomorphic to the sub-category o/LTSi containing all its objects, 
and all the morphisms f \TS ^ T S' which also “reflect” transitions, i.e., such 
that if f{s) ~^TS' t then there is a state s' G S such that s —^ts s' and 
f(s') = t. 

It is instructive to spell out the correspondence just stated. For objects, 
a transition system {S, — >) is mapped to the coalgebra {S, a) where ct(s) = 
{(/, s') I s — ^ s'}, and, vice versa, a coalgebra {S,a : S ^ Pl{S)) is mapped to 
the system {S, — >), with s — ^ s' if {I, s') S cr(s). For arrows, by spelling out 
condition © for functor P^, we get 

Vs e 5 . {{I, t) I /(s) ^t} = {{l, /(s')) I s ^ s'}, 
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and by splitting this set equality in the conjunction of the two inclusions, one 
can easily see that inclusion “D” is equivalent to s s' =» f(s) f(s'), 
showing that / is a transition system morphism, while the left-to-right inclusion 
is equivalent to f(s) — ^ t ^ 3s' . s s' A f(s') = t, meaning that / is a 
“zig-zag” morphism, i.e., that it reflects transitions. 

The property of “reflecting behaviors” enjoyed by cohomomorphisms plays a 
fundamental role, for example, for the characterization of bisimulation relations 
as spans of cohomomorphisms, for the relevance of final coalgebras, and for 
various other results of the theory of coalgebras ISH- Given two coalgebras (A, a) 
and (A', a'), a coalgehraic bisimulation on them is a coalgebra {A x A' , r) having 
as carrier the cartesian product of the carriers, and such that the projections 
■K ■. A X A' ^ A and n' ■. A x A' ^ A' are cohomomorphisms. Interestingly, it 
is easy to check that two states of a labeled transition system S are bisimilar 
(in the standard sense, see Definition EJ if and only if there is a coalgebraic 
bisimulation on S (regarded as a Pt-coalgebra) which relates them. 

An even easier definition of categorical bisimilarity can be given if there 
exists a final coalgebra. In this case, two elements of the carrier of a coalgebra 
are bisimilar iff they are mapped to the same element of the final coalgebra 
by the unique cohomomorphism. Unfortunately, due to cardinality reasons, the 
functor Pl used for the coalgebraic representation of transition systems does 
not admit a final coalgebra m- One satisfactory, alternative solution consists of 
replacing the powerset functor V on Set by the countable powerset functor Vc, 
which maps a set to the family of its countable subsets. Then defining the functor 
P£ : Set — )> Set by X VciL x X) one has that coalgebras for this endofunctor 
are in one-to-one correspondence with transition systems with countable degree, 
i.e., systems where for each state s € S the set {{s' ,1) \ s — ^ s'} is countable, 
the correspondence being defined exactly as in Propositional Unlike functor P^, 
the functor P} admits cofree and final coalgebras. 

Proposition 6 (final and cofree P£-coalgebras). The obvious underlying 
functor U : P£-Coalg — ^ Set has a right adjoint R : Set — ^ P£-Coalg associa- 
ting with each set X a cofree coalgebra over X . As a consequence, the category 
P}-Coalg has a final object, which is the cofree coalgebra P(l) over a final set 

1 . 



We shall stick to this functor throughout the rest of the paper, and since 
there is no room for confusion the superscript c will be understood. 

Often transition systems come equipped with some algebraic structure on 
states, transitions, and/or labels, which plays a relevant role in the corresponding 
theory. For example, in calculi of the family of process algebras, like CCS 123 and 
the TT-calculus I2E1, the agents (states) are closed under certain operations that 
can be interpreted as either structural (like parallel composition) or behavioural 
(like prefixing and nondeterminstic choice). The same algebraic structure can 
be extended to the collection of transitions, in a way that is determined by 
the SOS rules which specify the operational semantics of the calculus. This 
more structured framework makes it possible to investigate the compositionality 
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properties of relevant equivalences on agents: one typical interesting question is 
whether bisimilarity is a congruence with respect to the operations defined on 
states. 

Also the structured transition systems, studied for example in El , are equip- 
ped with an (essentially) algebraic structure on both states and transitions. Here 
the operators are interpreted as structural ones, basic transitions are regarded 
as local changes on a distributed state, and the algebra on transitions ensu- 
res that basic transitions can be fired in any context and also in parallel. It has 
been shown that programs of many computational formalisms (including, among 
others, P/T Petri nets in the sense of |2Sj, term rewriting systems, term graph 
rewriting [Z], graph rewriting wm, Horn Clause Logic [0|) can be encoded 
as heterogeneous graphs having as collection of nodes algebras with respect to 
a suitable algebraic specification, and usually a poorer structure on arcs (often 
they are just a set). Structured transition systems are defined instead as graphs 
having a similar algebraic structure both on nodes and on arcs. A free construc- 
tion associates with each program its induced structured transition system, from 
which a second free construction is used to generate the free model, i.e., a struc- 
tured category which lifts the algebraic structure to the transition sequences. 
This induces an equivalence relation on the computations of a system, which is 
shown to capture some basic properties of true concurrency. Moreover, since the 
construction of the free model is a left adjoint functor, it is compositional with 
respect to operations on programs expressible as colimits. 

Last but not least, also the tile transition systems introduced in the previous 
section have a rich algebraic structure on states, which are the arrows of a 
monoidal category, and the same structure is also defined on transitions, which 
are the tiles. Clearly, the general results presented at the end of the previous 
section, relating basic source and reflective horizontal decomposition properties, 
make an essential use of this algebraic structure. 

For all the systems mentioned above (process algebra, structured transition 
systems and tile rewrite systems) the coalgebraic representation using functor 
Pl (for a suitable L) introduced in Proposition El is not completely satisfactory, 
because by definition the carrier is just a set and therefore the algebraic struc- 
ture on both states and transitions is lost. This calls for the introduction of 
structured coalgebras, i.e., coalgebras for an endofuctor on a category Alg{P) of 
algebras for a signature (or algebraic specification) P which is determined by the 
structure of states. Since it is natural to require that the structured coalgebraic 
representation of a system is compatible with the unstructured, set-based one, 
the following notion will be relevant. 

Definition 14 (lifting). Given endofunctors B : C ^ C, B' \ C ^ C and a 
functor V ■. C ^ C, B' is called a lifting of B along V , if B'-, V = V; B. 

In particular, if : Alg{P) Set is the underlying set functor, one will 
consider typically a functor B' : Alg{P) Alg{P) which is a lifting of Pl along 
V^. 

The structured coalgebraic representation of transition systems has been stu- 
died in for the case of CCS and other process algebra whose operational se- 
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mantics is given by SOS rules in the DeSimone format, and in 0 for structured 
transition systems. In the first case the lifting of Pl is determined by the SOS 
rules, while in the second one it is uniquely determined by the specification P. 
In both cases, as well as for the case of tile transition systems addressed in the 
next sections, the following interesting fact applies Id2l8l . 

Proposition 7 (bisimilarity is a congruence in structured coalgebras). 

Let P be an algebraic specification, L be a P -algebra of labels, and : Alg{P) — >■ 
Alg{P) be a lifting of Pj^ : Set — >■ Set. If (S,a) is a B^-coalgebra and {S, — >) 
its corresponding structured LTS, then bisimilarity on {S, — >) is a congruence 
with respect to the operators in P. 

The statement follows by the observation that the right adjoint R : Set — ^ 
Pi-Coalg of Proposition 0 lifts to a right adjoint : Alg{P) — >■ S£-Coalg 
for the forgetful functor , with V^-, R = V£ (see |^), as shown in the 
following diagram. 

Fb 

Pi-Coalg ' ^ S£-Coalg 

Set X I ! Alg{P) 

Now, since R^ and are both right adjoints, i?£-Coalg inherits a final 
object i?^(l) from Alg{P) which is then preserved by . Hence, bisimilarity 
induced by the final morphism to i?'^(l) in H-^-Coalg is determined by the 
underlying sets and functions, that is, its definition does not use the algebraic 
structure of states and transitions. Since the final morphisms in H^-Coalg are 
T-homomorphisms, it follows that bisimilarity is a congruence. 

In other words, a structured transition system can be represented as a struc- 
tured coalgebra only if bisimilarity is a congruence. This property certainly holds, 
for example, for specifications in GSOS format, which are considered in |S|. 
Certain structures are used there, called bialgebras, which combine aspects of 
algebras and coalgebras: bialgebras can be regarded as an alternative, equiva- 
lent presentation of structured coalgebras |H|. A specification in GSOS format 
is shown to satisfy a certain diagram called pentagonal law, which ensures the 
existence both of an algebra of transiton systems and of an algebraic structure 
on their states. The pentagonal law also makes sure that bisimilarity is a congru- 
ence, showing that GSOS specifications perfectly fit in the structured coalgebraic 
framework. 

A rather more general specification format is considered in CI3, namely, the 
algebraic format unj, where the premise of a rule consists entirely of transitions 
on variables, and which generalizes rules in deSimone format by allowing com- 
plex terms in the source of the conclusion of a rule. In that paper, we first studied 
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under which conditions transition systems can be represented as structured coal- 
gebras on an environment category of algebras. It turned out that the conditions 
which guarantee a coalgebraic presentation are very similar to the ones which en- 
sure that bisimilarity is a congruence. Essentially they require that the behavior 
of the system is compositional, in the sense that all transitions from complex 
states can be derived using the rules from transitions out of component states. 
Thus one could say that what was considered a methodological convenience, i.e., 
that in the SOS approach each language construct is defined separately by a few 
clauses, is in fact mandatory to guarantee a satisfactory algebraic structure. 

Next we proposed a general procedure which can be applied also to SOS 
specifications not satisfying the above property. More precisely, given any SOS 
specification in algebraic format, we defined its context closure, i.e., another spe- 
cification including also the possible context transitions, which are transitions 
resulting in the addition of some context and labelled by it. We proved that 
bisimilarity for the context closure corresponds to dynamic hisimilarity for the 
original specification, which is by definition the coarsest bisimulation which is 
a congruence: as a consequence the context closure of a system is always repre- 
sentable as a structured coalgebra. This result is particularly relevant for open 
systems, for which dynamic bisimilarity seems to be the right notion of equiva- 
lence, since it takes into account not only experiments based on communications 
with the external world, but also experiments consisting of the additions of new 
components. 

A different point of view is taken in 0, where it is argued that the pro- 
perty that bisimilarity is a congruence is too restrictive for structured transition 
systems, because it implies that basic transitions are defined only on atomic 
states. As a simple example, let us introduce the structured transition system 
associated with a simple P/T Petri net N consisting of places S = {a,b,c} and 
of a single transition T = {t : a © 6 — > c} (consuming one token of place a and 
one of b and producing one in c) . According to m. the relevant algebraic struc- 
ture is that of commutative monoids: the markings of the net can be regarded 
as elements of the free commutative monoid S®, and the structured transition 
system associated with N, denoted TS{N), is obtained by adding idle transi- 
tions for each place and by extending the parallel composition operation © in 
an obvious way to transitions. Now, let us assume that idle transitions are not 
visible (formally, they are labeled with the unit of the monoid of labels) . Then 
it is easily seen that markings a and b are bisimilar (only idle transitions are 
possible) and clearly b and b are bisimilar as well. However, we have a © 6 — ^ c, 
while only the idle transition is possible from 6 © 6. This shows that these two 
states are not bisimilar. Therefore one single basic transition having as source a 
composed state is sufficient to show that bisimilarity is not a congruence. As a 
consequence, in the notion of lax coalgebra is introduced, which weakens the 
standard definition in order to allow for a full, coalgebra-like representation of 
structured transition systems. 
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5 Double and Tile Transition Systems as Coalgebras 

In the previous section we have shown that labeled transition systems can be 
represented as coalgebras for an endofunctor on the category of sets. In this 
section, a similar representation for tile models (i.e., monoidal double categories) 
shall be developed. 

In analogy to labeled transition systems, double transition systems are de- 
fined as flat monoidal double categories over a fixed vertical 1-category V of 
observations. In Proposition 0 it is shown that coalgebra morphisms correspond 
to morphisms between labeled transition systems which (preserve and) reflect 
transitions. Below, an analogous restriction on monoidal double functors is in- 
troduced. 

Definition 15 (double and tile transition systems). Given a monoidal 
category of observations V, a double transition system over V is a flat monoidal 
double category T> which has V as vertical 1-category. 

A morphism between double transition systems T> and T>' over V is a monoidal 
double functor F : T> ^ T>' which acts on V as identity. It reflects transitions if 



We denote by fsMDCaty the category of double transition systems over V and 
transition reflecting morphisms. 

Given a tile rewrite system T = {S, Ey, R) , its associated tile transition 
system is its free model Ft{T), seen as a double transition system over M(A'i,). 

The endofunctor whose coalgebras represent double transition systems is only 
slightly more complex than functor defined in Section 01 Since the states of a 
double transition system are arrows of a category (the horizontal 1-category R), 
they are typed by their source and target objects. Consequently, the carrier of 
the corresponding coalgebra shouldn’t be just a set but a family of sets indexed 
by pairs of objects of V. The endofunctor Py deflned below on the category 
Set'^ I is therefore a many-sorted version of as deflned in Sectional 

Definition 16 (endofunctor Py for double transition systems). Given a 
monoidal category V = {V,®,e), the functor Py : Set^^ ^ — >■ Set^^ ^ is defined 
for every |V| x |V|-m<iexe(i set S by 



functor is defined analogously. 

Notice that, according to the interpretation of tiles as cells, two vertical arrows 
are provided as observations. Moreover, transitions do not necessarily preserve 
the type of the state because there may be cells whose vertical source and target 
(which are horizontal arrows) are arrows of different type. 



V/ e n. F{f) g'GV' =^3gGH.f g A F{g) = g' 



On arrows of Set^^ i.e., |V| x \V\-indexed indexed families of functions, the 
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Proposition 8 (double transition systems as coalgebras). Given V and 
P\) as above, there exists a functor Clg : fsMDCatv — ^ PyCoalg such that 
for every countably branching double transition system T> £ fsMDCaty with 
horizontal 1-category H and all f,g GH 

f ^op 9 iff (fU) = 

where 4> : Clg{T>) — >■ is the unique morphism into the final Pv-coalgebra 

(which exists by similar arguments as in Proposition^ . 

Proof. For a double transition system T> as above, the corresponding Py 
coalgebra is Clg(V) = (('H(n, 5(n, m)„,mg|v|) with 

S{n,m){f) = {{a,b,g) \ f g GV} (2) 

for all / £ Notice that jPl = |V|. □ 

Thus, the use of many-sorted coalgebras allows us to retain the typing of 
states of double transition systems by pairs of objects. However, the algebraic 
structure given by the operations of the horizontal 1-category P is lost. This 
problem is solved in the next section by lifting many-sorted to structured coal- 
gebras. 

6 Lifting the Algebraic Structure 

We follow the outline of Section^ first, we specify explicitly the algebraic struc- 
ture on states and transitions. Then, we lift the endofunctor Py to the corre- 
sponding category of algebras. Finally we show that double transition systems 
which satisfy the reflective horizontal decomposition property can be actually 
represented as structured coalgebras for the lifted functor. 

In a double transition system P, the algebraic structure of states is given by 
the monoidal category structure of the horizontal 1-category P. Since we have 
fixed a monoidal category of observations V as vertical 1-category, we know in 
advance the monoid of objects V. This allows to regard a monoidal category as a 
total algebra for the following signature (given with respect to the fixed monoid 
V = (0,(g),e)). 

signature MonCat(V) = 
sorts 

(n, m) for all n,m G O 

operations 



;n,m,k ■ {n, m){m, k) -)> (n, k) 


for all n,m,k G O 


n :— >■ (n, n) 


for all n £ O 


e : — >■ (e, e) 




: («, m') {n®n',m® m') 


for all n, m, n'm' £ O 
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Algebras for this signature satisfying the usual laws of strict monoidal categories 
are the objects of the category MonCaty. Its arrows are given by MonCat( V)- 
homomorphisms, i.e., strict monoidal functors preserving the monoid of objects 
V. We usually omit the subscripts at operations when this causes no confusion. 

As anticipated above, in order to represent a double transition system as a 
coalgebra in the category MonCaty, we have to provide a lifting of the en- 
dofunctor Py defined on (families of) sets to the category of algebras. In the 
definition below, the resulting functor is called Py. 

Definition 17 (lifting endofunctor Py to MonCaty). The functor Py : 
MonCaty MonCaty is defined as follows. Given M = {S,; ,id,^,e) G 
I MonCaty I, the algebra 

Py(M) = PM = (Py(S'), 



is given by 

S;P^T = { (a, c, g; h) \ (a, b, g) G fy (6, c, h) G T} 
idPM = ^(^a, a, m) | a : n — >■ m G V} 

S' g) T = {{a 1^) a',biSi b' ,g g) g') \ (a, 6, g) G S, (o', b' ,g') G T} 
e^“ = {(e,e,e)} 

On arrows o/ MonCaty, the functor is defined like Pv- 

Next we show that a double transition system can be represented as a 
Py-coalgebra iff it satisfies the reflective decomposition property. Denote by 
fsMDCaty the full subcategory of fsMDCaty whose objects are countably 
branching double transition systems satisfying the reflective decomposition pro- 
perty. 

Proposition 9 (double transition systems as structured coalgebras). 

Let T> be a countably branching double transition system and TL be its horizontal 
Tcategory. Then, Clg(T>) = {TL,5) with S defined like in ^ is a P^-coalgebra if 
and only ifT> satisfies the reflective horizontal decomposition property. 

Moreover, this translation extends to a functor Clg : fsMDCaty — >■ 
ify-Coalg. 

Thus, under the assumption of the reflective horizontal decomposition pro- 
perty, we actually retain the horizontal structure of double transition systems 
in the coalgebraic presentation. What is lost in any case is the vertical structure 
which is, however, not relevant for the notion of bisimilarity. 

More precisely, we can show that the category fsMDCaty of horizontally 
decomposable double transition systems is isomorphic to the full subcategory 
of Py-Coalg whose objects are coalgebras {TL, S) with transitive and reflexive 

transition “relations”. This means, writing / — ^ — > g for {a,b,g) G S{f), that 
they have to satisfy the rules (vert) and (v-refl) of Tabled 
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7 An Application to CCS 

As a case study, we present in this section a version without recursion of the 
calculus of communicating systems (shortly, CCS) introduced by Robin Milner 
El- The same presentation has appeared in m- Essentially the same presenta- 
tion, but for a cartesian (rather than monoidal) structure of configurations, was 
reported in PS]. CCS with the replication operator is modeled with tiles in Pj. 
A concurrent version of CCS with localities is in PH. 

Syntax of CCS. Let A be the alphabet for basic actions (which is ranged over 
by a) and A the alphabet of complementary actions {A = A and A C\ A — %)\ 
the set A = Z\UZ\ will be ranged over by A. Let r ^ A be a distinguished action, 
and let A U {r} (ranged over by /i) be the set of CCS actions. 

The syntax of finite CCS agents is defined by the following grammar 

P::= nil \ fx.P \ P\a \ P + P \ P\P 

Operational Semantics of CCS. The dynamic behavior of CCS closed agents 
can be described by a transition system TSccs, where labels are actions, states 
are closed CCS agents and the transition relation is freely generated from the 
following set of inference rules 



P Q p, ^ {a, a} 
yi.P P P\a Q\a 

P^Q P^Q 

P + R-!^Q R + P^Q 

P^Q 

R\P^R\Q 

{{a.nil + b.nil) \ a.nil)\a — ^ {nil \ nil)\a, 
its proof is as follows: 



P -^Q P ^ Q, P' ^ Q' 

P\R^Q\R P\P' ^Q\Q' 

Given the transition 



a.nil 



nil 



a.nil -b b.nil 



nil a.nil 



nil 



{a.nil + b.nil) \ a.nil nil \ nil 
{{a.nil + b.nil) \ a.nil)\a — ^ {nil \ nil)\a 
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Abstract Semantics of CCS. Ordinary bisimilarity between CCS agents, written 
P ^ord Q, is just the relation P ^tSccs Q according to the general Definition 0 
We now present the tile rewrite system for CCS. 



Signatures of the CCS tile rewrite system. There is only one sort 1. The free 
monoid generated by it is represented by underlined natural numbers with 
n®m = m + n and e = 0. For the horizontal signature the operators are: 
nil e (Iff /i-- and _\a e _ + _ and - | - G and 

!(_) G The latter constructor, called eraser, is needed to discard 

the rejected alternative after a choice step. Except for the eraser, the operators 
of the horizontal signature directly correspond to CCS syntactical operators. 
Thus we will consider CCS agents (not necessarily closed) as suitable arrows of 
the monoidal category For the vertical signature the operators are 



Rules of the CCS tile rewrite system. 

u 



Pref^ : /H- 1 


Res“ : \, 


Sumlu : 


Sumr^ : 


V 

Comply : _ 1 _ — | _ 


Compr^ : 



for fj. ^ {a, a} 






. ! ( 8 ) 1 
i'S’M 



SynchA : _ | _ 



A® A 



We call Tecs the CCS tile rewrite system. The rules of Tecs closely corre- 
spond to the SOS rules. For instance rule Pref^ states, as its SOS counterpart, 
that constructor /r can be deleted, i.e., it can be replaced by the identity 1. Fur- 
thermore, the trigger is also the identity, and thus the corresponding SOS rule is 
an axiom. Finally, the effect is ^ and this corresponds to the label of the tran- 
sition in the SOS case. As another example, rule Suml^ defines left choice. The 
initial configuration is the constructor _ : 2 — >■ 1, while the final configuration 

is I®! : 2 — 1, which states that the first component is preserved and the second 
component is discarded. The trigger states that in the first component we must 
have an action ^ while no action (i.e., identity action) is required on the second 
component. Action /r is then transferred to the effect. 

The tile corresponding to the previous example is obtained as follows: 



A = {{{nil * Prefa) ® {b.nil) * Sumla) ® {nil * Prefa)) * Syncha * Res^. 

The next proposition states the equivalence of the SOS and tile definitions 
of CCS. 

Proposition 10 (SOS/tile equivalence for CCS). Civen two CCS agents 
P and Q, we have P ^ord Q if nnd only if P ^op Q for the CCS tile rewrite 
system. 

In order to represent Tecs us u coalgebra, we have to verify the reflective 
horizontal decomposition property. Thanks to Proposition ^ it is enough to 
check by inspection that all rules of Tecs satisfy the basic source property. 
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Proposition 11 (coalgebraic presentation of CCS tile rewrite system). 

The CCS tile rewrite system Tecs satisfies the basic source property and hence the 
reflective horizontal decomposition property. As a consequence, the tile transition 
system Ft{Tccs) generated by Tecs can be represented as a P-^s/K^^cesy coalgebra 

Clg{FT{Tccs)) = (M(rf^^),a) 

such that P ^op Q iff (j}{P) = (f>{Q) for each two processes P,Q G 

where 4> : ClgiFTiiTccs)) — >■ Ip is the unique arrow to the final 

P'M.(socsy coalgebra. 

Corollary 1 (~op is a congruence). Tile bisimilarity ^op for CCS is a con- 
gruence w.r.t. the operations of the horizontal 1-category of states. 

Due to Proposition Em this implies the well-known fact that bisimilarity is a 
congruence for CCS. Notice however that the above statement is more general, 
since it does not only apply to closed process terms but also to processes which 
contain variables. 

8 Conclusion 

In this paper we have investigated the relation between two models of concurrent 
systems: tile rewrite systems and coalgebras. Tile rewrite systems consist of 
rewrite rules with side effects which are reminiscent of SOS rules m- For these 
rules, which can also be seen as elementary transitions, closure operations of 
parallel and sequential composition and synchronization are defined. The models 
of tile rewrite systems are monoidal double categories. 

Coalgebras can be considered, in a suitable mathematical setting, as dual to 
algebras. They can be used as models of dynamical systems with hidden states in 
order to study concepts of observational equivalence and bisimilarity in a more 
general setting. 

We have pointed out that, in order to retain in the coalgebraic presentation 
of tile models the operations of parallel composition and synchronization, coal- 
gebras have to be endowed with an algebraic structure. This has led us to the 
concept of structured coalgebras, i.e., coalgebras for an endofunctor on a cate- 
gory of algebras. However, structured coalgebras are a more restricted notion 
than tile models, since they only allow to represent models where bisimilarity 
is a congruence. For tile models, this condition corresponds to functoriality of 
bisimilarity, which is ensured by the horizontal decomposition property. 

The insights on the relation between tile rewrite systems and structured co- 
algebras can be obtained by applying to tile models (seen as double transition 
systems) the results of mni on the coalgebraic mesentation of transition systems 
with algebraic structure specified by SOS rulesQ In that paper, we have charac- 
terized those transition systems for which a coalgebraic presentation is possible 

^ In fact, what would be needed is a many-sorted version of the presentation in mu 
which, for simplicity, is restricted to the one-sorted case. 
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and the classes of SOS specifications generating such “well-behaved” systems. It 
turned out that the conditions which guarantee a coalgebraic presentation are 
very similar to the ones which ensure that bisimilarity is a congruence. They 
require that the behavior of the system is compositional in the sense that all 
transitions from complex states can be derived using the transitions out of com- 
ponent states: this is essentially the statement of the horizontal decomposition 
property. 

In the case without structural axioms, such condition is verified if each basic 
rule in the tile rewrite system has signature operators both as initial configura- 
tion and as effect; indeed this is the common point of many SOS formats (see e.g. 
lEUZE!). Notice, however, that, with structural axioms, the situation is more 
complicated, since signature operators can be equivalent to complex terms, and 
complex states may be decomposed into component states in many different 
ways. 

We think that the coalgebraic presentation of monoidal tile rewrite systems 
can be a starting point for transferring to the coalgebraic setting concrete ap- 
plications of tile logic to formalisms like concurrent or located CCS, 7r-calculus, 
etc. 
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Abstract. The paper discusses some recent aspects of cryptology. At- 
tention is focused on public-key cryptography, in particular, on certain 
zero-knowledge proofs and the general question of whether and how cryp- 
tographic ideas can be realized without computers. Possible impacts of 
DNA computing on cryptology, as well as recent legislative measures to 
restrict the marketing of cryptographic products, will also be briefly con- 
sidered. The paper consists of the following six sections. 1. Digging the 
bones of Caesar? 2. A big invention. 3. Protocols with or without com- 
puters. 4. Truth or consequences? 5. A deck of cards or a computer? 
6. Security of security. DNA computing. 



1 Digging the Bones of Caesar? 

The title of our paper might give the impression that we have in mind some kind 
of a DNA analysis about Caesar, along the lines of the recent analysis concerning 
Thomas Jefferson, maybe even with the purpose of impeaching somebody. Not 
at all. The title only reflects the fact that our topics are rather scattered. We 
discuss several issues on cryptology, mostly ones with very recent interest. I have 
chosen the issues because of my personal interest and involvement in them. Not 
all interesting recent issues can be treated in a short paper. 

Let us begin with Caesar. A very simple cryptosystem, one of the very oldest, 
has been named after him. It is based on substitutions: each letter of the plain- 
text is substituted by another letter. The latter is obtained from the former by 
advancing k steps in the alphabet. At the end of the alphabet one goes cyclically 
to the beginning. 

Thus, for the English alphabet and fc = 4, the substitutions are as follows. 

Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ 

Cipher: EFGHIJKLMNOPQRSTUVWXYZABCD 

If we denote by Ek(w) the encryption of the plaintext w, we obtain, for instance, 

E4SANDU) = WERHY, Ei4SANDU) = GOBRI, E2o{SANDU) = MUHXO. 
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Clearly, there are only 26 such encryption functions Ek, 0 < k < 25, the 
function Eq being the identity. The encryption function Dk corresponding to 
Ek satisfies Dk = E 2 e-k, for 1 < fc < 25. Thus we have, for any k satisfying 
1 < fc < 25, DkEk = Eq = Dq. Moreover, the functions Ei and Dj have the 
property of commutativity, very relevant for certain aspects of cryptography. For 
instance, 

E^D^EqDii = EqE^DtDii = EgDis = En = Dg. 

The presented basic version of Caesar’s system is much too simple for any 
serious applications. However, it is suitable for illustrating certain basic notions 
of cryptography. It is a symmetric system: the encryption key is either the same 
as the decryption key, or the former immediately gives away the latter. (Sym- 
metric cryptosystems are often referred to as classical.) Key management is a 
major problem in symmetric systems: before any communication can take place, 
the key has to travel from the sender to the receiver via some secure channel. 

Caesar tells in his De Bello Gallico how he sent an encrypted message to 
Cicero. The encryption was carried out by replacing the Latin letters by Greek 
ones in a way that is not clear from Caesar’s writing. The information that 
Caesar actually used the cryptosystem described above comes from Suetonius. 
In fact, according to Suetonius, the shift in the alphabet was always three letters. 

Caesar’s system as described above is very unsafe simply because the key 
space is very small. However, the system has numerous variants with large key 
spaces, [7]. A fundamental idea in varying the system is to change the shift k 
from letter to letter in the plaintext, according to some specific rule. Very many 
classical systems, also the most widely used Data Encryption Standard, DES, 
can be viewed as variants of Caesar’s system - especially if your equivalence 
classes are large enough in this respect. 

We want to mention here one variant of Caesar’s system that became obsolete 
with the advent of sufficiently powerful computers. Let us first discuss the idea 
of an “absolutely secure” cryptosystem. It’s reasonable to claim that the system 
called one-time pad is secure. The key is a sequence of bits, say 110101000011, 
and is communicated to the legal receiver via some secure channel. The key is 
used for both encryption and decryption. The plaintext, say 010001101011, is 
encrypted by bitwise addition using bits of the key, resulting in 100100101000. 
A cryptanalyst knowing the cryptotext but having no information about the key 
knows really nothing because each bit either comes directly from the plaintext 
or has been changed by the key. It is essential that the key is used only once, as 
the name of the system indicates. The big disadvantage is the key management: 
a key at least as long as the plaintext has at some stage to travel via a secure 
channel. 

This difficulty used to be overcome by specifying the key using a well-known 
book such as the Bible. The specification indicates the spot in the Bible where 
the key begins. For instance, Joshua 3, 2, 6 refers to the Book of Joshua, Chapter 
3, Verse 2, Letter 6: “came to pass after three days that the officers went through 
the host and they commanded ...” The key is as long as the plaintext requires, 
although it can be expressed very briefly. The letters in the alphabetical order 
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are assigned numerical values from 0 to 25. The key is used in a Caesar-like fas- 
hion; this variant is often referred to as the Vigenere system. Because the values 
assigned to the letters of CAME are 2, 0, 13, 4, the shift in the first four letters 
of the plaintext is 2, 0, 13 and 4, respectively. Thus, the plaintext “Practical 
perfectly secret systems would cause unemployment among cryptographers” is 
encrypted as follows. 
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While the system was feasible in the past, nowadays an exhaustive search 
through all the keys (roughly four million in number) presents no problem. Quite 
another issue - which we will not discuss here - is that redundancies in the 
plaintext and key languages make the ciphertext far from being random. Indeed, 
one can question even the security of one-time pad because, even if the key is 
random, redundancies in the plaintext might still be visible in the ciphertext. 
They are not visible if the plaintext is short. 

We still return to one aspect of Caesar’s system already referred to above: 
commutativity. In general, assume we are dealing with encryption and decryption 
keys Ei and Dj, i, j = 1, 2, . . ., that commute. Both the sender and the receiver 
choose their keys from such a commutative pool of keys. It is irrelevant whether 
we are dealing with a classical or public-key system, that is, whether or not the 
encryption key Ei gives away the corresponding decryption key Di. 

Denote the sender’s (A) and receiver’s (B) encryption and decryption keys 
by Ea, Da and Db, respectively. The following protocol can be used in 
sending a message w. 

(i) A sends Ea{w) to B. 

(ii) B sends Eb{Ea{w)) to A. 

(hi) A sends Da{Eb{Ea{w))) = Da{Ea{Eb{w))) = Eb{w) to B. 

(iv) B decrypts Db{Eb{w)) = w. 

The message travels encrypted the whole time but there is no problem in 
key management because the keys are not distributed at all. Commutativity is 
essential in point (iii). The protocol can be visualized as sending the message 
in a box with clasp rings. First A sends the box to B, locked with A’s padlock. 
Then B sends the box back to A, now locked also with B’s padlock. Next, A 
opens the padlock Ea and sends the box back to B. When B receives the box, 
it is locked only with Eb which B can open. The keys never travel. 




42 



A. Salomaa 



2 A Big Invention 

A recent issue of Newsweek reported about a panel of scientists gathered to 
nominate the biggest invention of the past 2000 years. Public-key cryptography 
got at least one vote. Although such voters should perhaps log off for some time, 
public-key cryptography is undoubtedly a beautiful mathematical idea that has 
turned out to be also extremely useful. (We refer to [7] for historical references.) 

Classical symmetric cryptosystems require the key to be transmitted over a 
secure channel. This is inconvenient. Moreover, if a secure channel exists, why 
do we not use it to send the message without encrypting it? The constraint of 
a secure channel is removed in public-key cryptography. It makes secret com- 
munication possible without requiring a secret means of delivering the keys. 
Public-key (also called asymmetric) systems rely on a pair of keys that are dif- 
ferent but complementary. Each key decrypts the message that the other key 
encrypts. However, the key used to encrypt a message cannot be used to decrypt 
it. Hence, one of the complementary keys (the public one) can be publicized 
widely, whereas the other key (the private one) is all the time held only by its 
owner. If Bob wants to send a secret message to Alice, he uses her public key 
for encryption, after which she uses her private key for decryption. 

Public-key cryptosystems are based on functions that are easy to compute 
but whose inverses are painfully slow to compute. A very intuitive illustration of 
such a one-way function is provided by the telephone directory of a big city. It 
is easy to find the number of any specific person. On the other hand, it is hard - 
one might say hopeless! - to find the person who has a certain specified number, 
in a directory with several thick volumes. 

Of course, the telephone directory is only an intuitive example. The most 
widely used public-key cryptosystem, RSA, is based on the difficulty of factoring. 
It is straightforward to multiply two large prime numbers together, whereas it 
is extremely difficult to find the factors from the product. For the encryption, it 
suffices to know the product, but the factors are needed for the decryption. Or 
more explicitly: no other method of decryption is known but there is also no proof 
that this is the only way. Another one-way function widely used in cryptography 
is modular exponentiation. Let p be a large prime and g a primitive root (mod p). 
Then g^ (mod p) is computationally easy, whereas the inverse function (discrete 
logarithm) is intractable. 

Another advantage of public-key cryptography is that it can be used for 
message authentication and digital signatures. When Bob sends a message w to 
Alice, he first applies his private key and, after that, Alice’s public key to the 
result. Then Alice receives E a{D b{w)) . But Alice knows the keys (her own 
private key) and Eb (Bob’s public key). Thus, she obtains first Db{w) and, 
finally, w. If the final text is legible, Alice can be confident that Bob actually 
sent the message: nobody else has the key Db- 

The best known public-key cryptosystem RSA is based on number theory, in- 
deed, on facts known already for centuries. Also other number-theoretic problems 
have been used as a basis of public-key systems. In general, all these systems are 
dangerously dependent on number-theoretic problems, such as factoring, whose 
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complexity is not known; there is no proof that they are intractable. In principle, 
problems from any area of mathematics can be used as a basis for public-key 
cryptosystems. Some problems in the theory of formal languages have been pro- 
mising in this respect; [2] is a survey of this area. A common drawback in these 
systems is that the cryptotext tends to be much longer than the plaintext. Such 
a data expansion is not necessarily present in the different variants of Tao-Chen 
systems, which have also been widely tested in practice, [2]. 

3 Protocols, with or without Computers 

A cryptographic protocol constitutes an algorithm for communication between 
different parties, adversaries or not. The algorithm applies cryptographic trans- 
formations and is usually based on public-key cryptography. The goal of the 
protocol is often beyond the simple secrecy of message transmission. 

Computing power is normally needed in carrying out a protocol. However, 
the same goal is often achieved by much simpler means. The cryptographic ideas 
can be sometimes implemented without computers. This is an area not much 
investigated. 

We now consider a specific task: flipping a coin by telephone, without the 
assistance of a trusted referee. We first present a protocol, based on number 
theory. We then show that one has to be careful: there is a rather surprising way 
of cheating. Finally, we ask whether we could do it simpler, without computers. 

Thus, A and B are talking by phone and want to flip a coin, maybe to make 
a decision. Apparently both have to be involved in this process of generating 
a random bit. Several methods have been presented. They follow the following 
general scheme.. Let P be a 50-50 property of integers x such that it is intractable 
to tell whether or not P{x) holds without having the additional information Q. 
The protocol runs as follows. B who has the information Q tells A a random 
number x. A guesses whether or not P{x) holds. B tells A whether the guess was 
correct (this corresponds to “heads”) or wrong (“tails”). Later on, especially if 
A is suspicious, B gives A the information Q, so A can verify the matter herself. 

Let us be explicit. Assume that n = pq, where p and q are large primes. 
Consider numbers a such that 0 < a < n and the greatest common divisor of a 
and n is 1. For exactly half of such numbers a, the Jacobi symbol ((() satisfies 
( - ) = 1 and, again, exactly half of the numbers satisfying the latter condition are 
quadratic residues (mod n). The value of the Jacobi symbol is easily computable. 
Whether or not a is a quadratic residue (mod n) can be easily computed only if 
p and q are known. This is the background information; the protocol runs now 
as follows. B chooses p and q and tells A their product n, as well as a (random) 
number a such that ()() = 1. A guesses whether or not a is a quadratic residue 
(mod n). B tells A whether or not the guess was correct (“heads” or “tails”). 
Later B discloses p and q, so A can check that the information given previously 
was correct. 

There is the following, rather surprising, way of cheating in this protocol. 
(This observation is due to Juha Honkala.) It is essential that A also checks that 
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the disclosed p and q are indeed primes. Otherwise, B could cheat as follows. To 
start with, B chooses three large primes pi, p 2 , qi and a number a such that 

(-) = (-) = -! and (-)=+!. 

Pi P 2 qi 

If B wants “heads”, he proceeds as follows. If A says “residue”, B discloses 
p = P 1 P 2 and q = qi- If A says “nonresidue”, B discloses p = Pi and q = P 2 qi- 

If B wants “tails”, he proceeds as follows. If A says “residue”, B discloses 
p = Pi , q = p 2 qi- If A says “nonresidue”, B discloses p = P 1 P 2 , q = qi- 

Clearly, both A and B need a computer to follow the above protocol. For 
a “harmless” situation, the method suggested gives the impression of killing a 
fly with heavy artillery - you just are not likely to do things that way. So let 
us consider an everyday situation: Alice and Bob cannot agree what they are 
going to do in the evening. Bob would like to go to the opera but Alice likes 
to see hockey. Alice realizes that it is not good for their relation if they go to 
different places. Bob would hate to sit in a crowded sports arena, thinking that 
he missed his favorite opera. So Bob tells Alice over the phone that they should 
flip a coin but complains that the cryptographic methods for the task are overly 
complicated. They are not going to compute quadratic residues with respect to a 
large modulus. But then Alice gets a brilliant idea. Both of them have the same 
telephone directory. They can flip a coin according to the following protocol. 

Step 1. Bob picks a number in the directory (say 2371386) and asks whether 
the number immediately following it in the directory is even or odd. 

Step 2. Alice makes a guess (say “even”). It is indeed a guess because she 
has to react immediately. 

Step 3. Bob tells the result of the guess (here “wrong”). At this stage they 
can interrupt the protocol and do whatever the result implies (here go to the 
opera) . 

Step 4. Bob proves to Alice that he was honest in telling the result. Bob 
tells that the number 2371386 belongs to Florin Andreescu, after which Alice 
can immediately check the next number. 

Secret balloting systems constitute an area where traditionally, in all impor- 
tant elections, protocols have been carried out without computers (in the election 
process itself). The basic method of securing ballot secrecy is to make sure that 
the ballots of individual voters are not counted separately but in aggregates. Ty- 
pically all the ballots cast in a given election locale are counted simultaneously. 
The voters are identified before they are allowed to vote; in this way it is also 
guaranteed that each voter casts only one vote. Initially, during the identifica- 
tion, the officials know the link between a voter and his/her vote but this link 
is broken in the shuffling and simultaneous counting of the votes. How can the 
link be broken if there is no election locale but the elections are conducted in a 
computer network? When elections are conducted in the Internet, as they most 
likely will be in the future, numerous diverse security and secrecy issues have to 
be taken into account. However, the basic issues are soundness (only legitimate 
voters should be able to cast votes, and each one only once) and secrecy (nobody, 
including the election officials, should be able to And out the voting strategy of a 
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voter without his/her own consent). Although, at first thought, it might seem an 
impossible task to combine these two requirements in a network election, several 
solutions based on public-key cryptography have been presented. A third requi- 
rement, that of verifiability (each voter should be able to check that his/her vote 
has been correctly counted) is satisfied in almost all systems proposed and can 
be viewed, in network elections, as a corollary of the conditions of soundness and 
secrecy. Observe that the requirement of verifiability is not satisfied in current 
elections. Although verifiability is likely to increase the motivation of individual 
voters to vote, it provides also an incentive for selling votes if the buyer can get a 
proof that the service was actually rendered. In the traditional election protocol, 
the voting booth does actually more than permits a voter to keep his/her vote 
private; it forces the votes to remain secret. This means that a voter can make 
promises to unreasonable employers, bad dictators, dictator-like family heads or 
compelling spouses, and yet in the privacy of the voting booth the voter can 
cast quite a different vote. Thus, booth-type secrecy is desirable also in elections 
over computer networks; it is essential that the voter does not get a receipt of 
any kind about how he/she actually voted. Although, at a first glance, getting 
a receipt seems to be a property inherent in every verifiable election scheme, 
public-key cryptography is often counterintuitive. Election schemes are possible 
(see [7] for further details) where each of the requirements of soundness, secrecy, 
verifiability and receipt-freeness are simultaneously satisfied. 



4 Truth or Consequences 

Zero-knowledge proofs constitute a remarkable application of public-key encryp- 
tion. The prover P (also called Peter) possesses some information such as the 
prime factorization of a large integer, the proof of a long-standing mathematical 
conjecture, a password or an identification number. In a zero-knowledge proof, 
the verifier V (Vera) becomes convinced, beyond reasonable doubt, about P’s 
knowledge but obtains no knowledge that is new to herself. A good way to visua- 
lize this is to think that V could obtain all the information, except her conviction 
about P’s knowledge, entirely without P, that is, V could play the protocol as 
a solitaire game, without P participating at all. 

We do not present here any formal definitions or enter any details of the ge- 
neral theory. This section contains one particular zero-knowledge proof, given in 
[7]. It is a zero-knowledge protocol for the satisfiability problem for propositional 
calculus. In our estimation, this particular protocol illustrates the basic issues 
concerning zero-knowledge proofs particularly well. 

We need a useful general notion, that of a lockable box. The verifier cannot 
open it because the prover has the key. On the other hand, the prover has to 
commit himself to the contents of the box, that is, he cannot change the contents 
when he opens the box. In fact, the verifier may watch when he opens the box. 
In more formal terms, the hardware of the lockable boxes is replaced by one-way 
functions. Locking the information a; in a box means applying a one-way function 
f to X. V can now handle f{x) without knowing what a; is - only P is in the 
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possession of the inverse f~^. On the other hand, P cannot change f{x), since 
V knows it. Under the assumption that / is injective, this means that P cannot 
change x, that is, the contents of the box. When P opens the box by giving x 
to V, she can verify that f{x) is the number she had before. 

We now go to the zero-knowledge protocol for the satisfiability problem for 
propositional formulas in 3-conjunctive normal form. The significance of this 
problem as the basic NP-complete problem is well known, [6] . The setup is that 
both P and V know a propositional formula a with r variables and s disjunctive 
clauses in the conjunction. (Thus, each clause is a disjunction of 3 literals, a 
literal being either a variable or its negation.) P wants to convince V that he 
knows a truth-value assignment g satisfying a, without giving any information 
about the assignment. The protocol runs as follows. 

Step 1. P prepares and gives V three sets of locked boxes, referred to 
as variable, truth-value and assignment boxes. Variable and truth-value boxes, 
V ARi and TVi, i = 1, . .. , 2r, correspond to pairs {x,y), where a; is a variable 
and y is a truth- value (T or F). The number of such pairs is 2r. For each 
pair {x,y), there is an i such that x is locked in V ARi and y in TVi, but the 
ordering of the pairs is random. The indices of the assignment boxes Aij^k range, 
independently from each other, from 1 to 2r and from ~ 1 to ~ 2r. Thus, the 
number of assignment boxes is (4r)^. (This number can be made considerably 
smaller by certain natural assumptions concerning a.) Each of the assignment 
boxes contains the number 0 or 1. Each of the s clauses of a gives rise to exactly 
one assignment box containing 1, whereas all other boxes contain 0. For the 
clause (3 = xV yV z, where each of x, y, z is a variable or its negation, the box 
Aij,k containing 1 is found as follows. Assume that x = Xm (resp. x Xm) 
and that n is the index such that Xm is in the box V ARn and g{xm) (that is, 
the truth- value P has assigned for Xm) is in the box TU„. Then we define i = n 
(resp. i =~ n). The values j and k are defined in the same way, starting from y 
and z, respectively. 

Step 2. V gives one of the two commands “truth” or “consequences” to P. 

Step 3. If U’s command was “consequences”, P opens all variable and 
assignment boxes. If her command was “truth”, P opens all truth- value boxes 
and, moreover, all those assignment boxes Aij^k where each of the three indices 
is either of the form u with F in TV^, or of the form ~ u with T in TU„. 

Step 4. V fails P either if in the case of “truth” the number 1 appears 
in some of the opened assignment boxes, or in the case of “consequences” the 
assignment boxes containing the number 1 do not yield the original formula a. 

Step 5. If P passed in Step 4, V either accepts him (that is, V is convinced) 
or requests another round of the protocol. 

U’s decision in Step 5 is based on whether or not she already reached her 
preset confidence level. If P guesses correctly U’s command, then he passes 
the whole round of the protocol. For the command “truth”, P just locks the 
number 0 in all assignment boxes. For the command “consequences”, P just 
taken care of that the correct a will be found from the assignment boxes. Thus, 
P passes one round with probability even if he does not know g. But then 
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each round will decrease the probability of P not failing by a factor of | . Thus, 
if Vera’s (preset) confidence level is an error rate of less than one in a million, 
she needs twenty rounds of the protocol. On the other hand, Vera can obtain 
the same information as in the protocol just by herself, without Peter: she just 
plays the “guessing game”, and the opened boxes look exactly the same as in 
the protocol with P. The only difference is that P’s conviction about P knowing 
the satisfiability assignment g is missing. Why V does not learn anything about 
g, is illustrated further in the following example. Observe that everything has 
to be started from scratch in a new round of the protocol. If something remains 
until the next round, say, from the random order of the pairs, then it might be 
possible to learn about g. 

As an example, consider the following propositional formula a with r = 5 
and s = 11: 

(~ xiV ~ X2V ~ X3) A {x\ V X2V ~ X4) A V a;2 V X4) 

/\{x\ V X 2 y ~ X 5 ) A (a;iV ~ X2V ~ X5) A (xi V 0:3 V X 4 ) 

A(~ x\ V x^y ~ X5) A (a;iV ~ X4 V X5) A (X2V ^ x^V X4) 

/\{x^ V a;4 V X5) A (X3V ~ X4 V 0:5). 

The formula a is satisfiable, and P knows a truth-value assignment g with 

g{x 2 ) = g{x 3 ) = T, g{xi) = g{x 4 ) = gixs) = F, 

for which a assumes the value T . P wants to convince V about his knowledge. 
For Step 1 of the protocol, he has the following order of the pairs (x, y): 
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The assignment boxes are no less than 8000 in number. (If we assume that 
the indices appear in increasing order of magnitude and no index, negated or 
nonnegated, appears twice, then the smaller total number 960 suffices.) They all 
contain the number 0, except for the following 11 boxes which contain the 

number 1. We list only the triples (i, j, k): 

(^5, -6, -7), (-1, 5, 7), (1, 5, ^7), (-3, 5, 7), 

(-3, -5, 7), (1, 6, 7), (-3, 6, -7), (-1, 3, 7), 

(1, 5, -6), (1, 3, 6), (-1, 3, 6). 

For readability, the eleven (s = 11) boxes are listed above in the order obtained 
from the clauses of a. However, P gives the (huge number of) assignment boxes 
to V in some alphabetic order. (The triples (i, j, k) are unordered; above we 
have ordered them increasingly.) 

If V commands “consequences” , she learns a (in a somewhat permuted form) . 
But she already knew a. Nothing of g is revealed, since TP-boxes are not opened 
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at all. If V commands “truth”, she learns in which boxes each T and F is but 
nothing about their connection with the variables. Moreover, she learns that the 
assignment g does not assign the value F to any of the clauses of a. This follows 
because 0 appears in all those 120 assignment boxes, where all three indices come 
from the set {1, 3, 4, 7, 9, ~ 2, ~ 5, ~ 6, ~ 8, ~ 10}. This does not reveal 
anything concerning the association of T and F with the individual variables. 
Clearly, P fails in one of the two scenarios in Step 4 if he doesn’t know a correct 
truth- value assignment. 



5 A Deck of Cards or a Computer 

In the early days of cryptography the methods were certainly developed quite 
independently of computers - there were none around. On the other hand, the 
whole idea of public-key cryptography and one-way function is difficult to vi- 
sualize in practice without referring to computing devices. (Methods based on 
telephone directories are not secure; they can be used only to illustrate ideas.) 
Proper solutions in cryptography are always tied with complexity. If your method 
takes unreasonably long, you might as well forget it. The situation in cryptogra- 
phy differs very much from that in classical mathematics. “Impossible tasks”, 
such as factoring a large integer, are not impossible from the point of view of 
classical mathematics. On the contrary, in principle everything in cryptogra- 
phy is possible, even trivial in classical mathematics. However, in cryptography 
solutions lose their meaning and significance if they take too long. 

But there are different setups and various degrees in the seriousness of the 
overall situation. Smaller safety measures are adequate if the opponent has little 
time or resources. We already observed in Section 3 how a protocol, in a parti- 
cular setup, is naturally carried out entirely without computers. Similarly, the 
setup in a zero-knowledge proof becomes quite different if the Prover and/or Ve- 
rifier can somehow observe the computing resources of the other. It is certainly 
possible to design cryptographic protocols, that is, protocols applying ideas of 
cryptography, where computing resources are limited or nonexistent. Very little 
work has so far been done in this direction, although the approach is interesting 
also from the general mathematical point of view. 

There are obvious reasons for investigating cryptographic protocols, where 
computers are not used. Nonavailability, nonportability, unreliability, mistrust 
or dislike of computers are certainly among such reasons. Sometimes a protocol 
without computers is simply better or more natural than one with computers. For 
instance, assume that a group of people gathered together want to take a secret 
vote about some important matter. Who would in such a situation consider any 
sophisticated balloting protocols with computers? It is much easier and more 
efficient to take ballots (cards or pieces of paper) and a box or boxes. The 
“cryptographic element” in this protocol will be shujfling. When the ballots are 
shuffled, everybody loses the link between the person and the ballot, although 
the link could perhaps be observed earlier. It is essential for secrecy that the 
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link is broken before the votes are disclosed. This very simple protocol is in this 
particular setup better than any other one could think of. 

A deck of cards, consisting in general of more than 52 cards, is often a very 
useful tool in cryptographic tasks, even in zero-knowledge proofs. When the 
cards are face down, information is hidden. In cryptography one wants to shuffle 
or scramble information but not too much because, otherwise, one might lose 
everything. If information is hidden in a deck of cards, one cannot shuffle the deck 
arbitrarily because of this reason. However, one may cut the deck without losing 
everything. As usual, a cut of the deck means that some number of topmost cards 
is moved, without changing their order, to the bottom. An important observation 
is that the effect of several cuts, made after each other, can always be achieved 
by one cut. If so many cuts are made in succession that every participant in the 
protocol has lost the possibility of keeping track of the cutting position, we speak 
of a random cut. Thus, a random cut is a sequence of cuts, viewed as one cut. 
The unchanged deck constitutes also a cut, being one possibility for a random 
cut. Our overall cryptographic assumption will be that it is possible to make a 
random cut. The assumption will be made for any number > 1 of participants 
in the protocol and any number > 2 of cards in the deck. 

There are two kinds of cards, white and black. Cards of the same color are 
indistinguishable. As usual, the back side of each card is identical. White cards 
are denoted by the bit 0, black cards by the bit 1. A deck of cards can be 
represented in this way as a word over the alphabet {0, 1}, using the convention 
that the leftmost letter represents the topmost card. Thus, the word 01101 stands 
for a deck with two white and three black cards, where the topmost and fourth 
cards are white. We also make a distinction whether the cards are face down or 
face up. 

A commitment to the bit 0 (resp. 1) is the deck 10 (resp. 01), cards face down. 
Thus, a commitment is made using one card of each color, the bottom card telling 
the bit committed to. It will become apparent below why it is better to use two 
cards for a commitment, rather than simply a card 0 or 1. The negations of bits 
are understood as ~ 0 = 1 and ~ 1 = 0. When used as truth- values, the bit 1 
(resp. 0) is the truth- value T (resp. F). 

Let us consider first the following simple setup. Alice has a secret bit a and 
Bob has a secret bit b. They want to learn a A b without revealing their secret 
bits, unless necessary by the definition of conjunction. This means that if a = 0 
(resp. 6=0) then Alice (resp. Bob) learns nothing. If a = 1 then Alice actually 
learns 6. The motivation and importance of this setup is discussed in [ ]. The 
following protocol does the job. Initially, both Alice and Bob have a white card 
and a black card. An additional black card is put on the table, face down. 

Step 1. Alice makes a commitment to her secret bit. Bob makes a commit- 
ment to the negation of his secret bit. 

Step 2. Alice’s commitment is put on top of the card on the table, Bob’s 
commitment below it. After that there is a deck of five cards on the table, all 
cards face down. 

Step 3. A random cut is made on the deck. 
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Step 4. The cards are shown. The conjunction has the value T exactly in 
case the two white cards are “cyclically next” to each other (that is, either next 
to each other or one of them is the top and the other the bottom card). 

The reader should have no difficulties in verifying the correctness of the above 
protocol. However, a further step can be taken. We want to compute conjunctions 
in such a way that the outcome remains in encrypted form. More specifically, 
we are given two bits x and y in the form of commitments as described above. 
We want to compute the bit z = x A y, also as a commitment. Thus, to start 
with we have two pairs of cards faces down, one pair being a commitment for 
X, and the other pair for y. We want to devise a protocol, which now will be a 
game of solitaire, producing two cards faces down, representing a commitment 
for 0 . Some additional cards are used in the protocol. But the player of the 
solitaire does not know or learn later the original bits x and y, and also not the 
resulting bit zl The reader is referred to [7] or [3] for the details of this, somewhat 
more complicated protocol. The idea is that z can be used as an input for other 
protocols. 

Note that such a solitaire is obvious for negation. Given a commitment for 
the bit X, we get a commitment for ~ x just by switching the order of cards. 
This would perhaps not at all be possible if we had defined a commitment to 
be one card, face down. Another reason for defining a commitment in terms of 
two cards is that one is then able to copy a commitment without learning the 
bit represented. Such a capability is needed in many protocols; one part of the 
protocol may cause the loss of the commitment which is still needed later on. The 
copying protocol is presented below, in the form of a game of solitaire. The only 
participant is called Verifier, Vera, V. This reflects our final aim of presenting a 
non-interactive (meaning that V does not communicate with P) zero-knowledge 
proof. The Verifier is not supposed to cheat. In particular, we assume that she 
makes true random cuts when the protocol so requires and displays cards only if 
the protocol allows her to. Initially, Vera is given two cards face down, defining 
a commitment ~ xx. In addition, she is given a deck (OI)*’*'^ of 2fc-|-2 cards, for 
some k > 2. Also these cards are face down but she may check that they form 
indeed the deck (Ol)^’*'^. 

Step 1. Vera makes a random cut of the deck (Ol)*’*'^. She is not any more 
allowed to look at any card of the resulting deck, but she knows that the deck 
is of the form (~ yy)^'^^, where y = 0 or y = 1. 

Step 2. Vera takes two topmost cards of the deck (~ yy)^~^^. She puts these 
cards under the commitment ~ xx, getting the deck ^ xx ^ yy = Y4. She still 
has also the deck (~ yy)^ = Y 2 k- 

Step 3. Vera makes a random cut of the deck I 4 , after which she looks at 
the four cards. If they are 0101 or 1010, then she outputs Y 2 k (face down as it 
has been the whole time). If they are 0011, OIIO, 1100 or 1001, then she outputs 
{y ~ y)^ , obtained from V 2 fc by moving the topmost card to the bottom (without 
looking at it). 

Step 4. Vera concludes that her output equals (~ xx)^ and, thus, consists 
of k copies of the original commitment. 
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This copying protocol is needed also in the solitaire protocol for conjunction, 
referred to above. We are now ready for the final step, a simple noninteractive 
zero-knowledge proof for the satisfiability of propositional formulas. 

As before, a propositional formula a with r variables x\, . . . , is given. 
Since every propositional connective can be expressed in terms of conjunction 
and negation, we assume that these two are the only connectives occurring in 
a. (Equivalently, we could present a solitaire protocol also for disjunction, after 
which we could consider a, say, in conjunctive normal form.) The Prover, Peter, 
knows an assignment for the variables making a true. To convince Vera of his 
knowledge, Peter gives her his assignment secretly, in the form of r commitments, 
2r cards. (Peter must indicate also the one-to-one correspondence between the 
variables and commitments.) In addition, Vera is given a sufficient supply of 
auxiliary cards, needed in copying the commitments. (Estimates, based on a, 
for the number of auxiliary cards can be given.) Vera now plays the solitaire, 
applying the protocols for conjunction and negation. She looks at the final out- 
come, the commitment for the whole formula a, and accepts iff the commitment 
is 01. Only one round is needed in this non-interactive protocol. Vera’s eventual 
cheating can be revealed if Peter or a person trusted by him stands by, watching 
Vera’s play. One could also imagine a technical device that would have the same 
effects as card play and would report any wrongdoings of the operator. Finally, 
the only way Peter can cheat is to give pairs 00 or 11 in place of some com- 
mitments. But he would be caught because cards assigned to a variable will be 
disclosed as an unordered pair whenever the variable takes part in a conjunction. 

The theoretical simplicity of the above protocol seems quite fascinating. Fur- 
ther comparisons with protocols such as the one given in Section 4 remain to be 
done. 

6 Security of Security — DNA Computing 

Although secret writing is probably as old as writing itself, interest in crypto- 
logy has become widespread only very recently. Earlier there was real need for 
cryptography only in military and diplomatic circles, as well as among certain 
criminal organizations. Cryptosystem designers, on one hand, and eavesdroppers 
and cryptanalysts, on the other hand, constitute two opposing groups of people. 
(Sometimes it is difficult to tell which group are the “good guys” and which are 
the “bad guys”, for instance, in case of a dictatorial government.) Earlier the 
fight between these two groups was of little concern to most of the people. Things 
have become drastically different as a consequence of the information revolution. 
There is no possibility of any physical data protection in the Internet, that’s why 
one has started to speak about cryptography for the Internet. Strong cryptogra- 
phy is in everyday use to ensure that conversations and transactions remain 
confidential. Public-key cryptography and the progress in computing technology 
have made strong encryption methods inexpensive and widespread. 

When cryptography was essentially a government matter, “secrecy of secrecy” 
or “security of security” was natural. The government agencies wanted to restrict 
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and/or prevent the sales and/or export of cryptography. In spite of the total 
change in the overall picture, some government agencies continue to propagate 
the regulation of encryption technology, as well as the continuation of all export 
restrictions. This concerns especially the National Security Agency (NSA) and 
FBI in the U.S. They are worried that they would be unable to decrypt the 
messages of potential spies and terrorists. In a recent Wassenaar Agreement, 
many European countries (including Finland) imposed severe limitations to the 
export of encryption technology. The effects can be disastrous to certain parts of 
high technology in small countries where the domestic market is not big enough. 

The government agencies are concerned that the “bad guys” will benefit from 
the new cryptography. This is apparently possible - everything can be used for 
both good and bad purposes. But a field of technology cannot be discriminated 
merely for such reasons. R. L. Rivest elaborates this as follows, [5]. “Any U.S. 
citizen can freely buy a pair of gloves, even though a burglar might use them to 
ransack a house without leaving fingerprints. Cryptography is a data-protection 
technology just as gloves are a hand-protection technology. Cryptography pro- 
tects data from hackers, corporate spies and con artists, whereas gloves protect 
hands from cuts, scrapes, heat, cold and infection. The former can frustrate FBI 
wiretapping, and the latter can thwart FBI fingerprint analysis. Cryptography 
and gloves are both dirt-cheap and widely available. In fact, you can download 
good cryptographic software from the Internet for less than the price of a good 
pair of gloves.” 

It seems that limitations described above will satisfy no one and will only 
mean a victory for the Big Brother. Also some compromise solutions have been 
proposed. They would allow strong cryptography to be widely used while still 
enabling the government agencies to decrypt messages when lawfully authorized 
to do so. Many models of key-escrow have been developed, where users register 
their encryption keys with a law-enforcement agency, as well as models of key- 
recovery, where a law-enforcement agency has a backdoor access to the keys. 
Typically, together with each encrypted message one sends an encrypted version 
of the system encryption key. An authorized agency has a “master backdoor 
key” to decrypt all system encryption keys, after which decryption the agency 
can decrypt the messages. For various reasons, [5], also such compromises are 
highly unsatisfactory. 

Although it is still too early to predict the significance of new technologies 
such as DNA computing, it is possible that cryptanalysis will be revolutionized, 
and the complexity issues involved will look quite different. Then agreements 
such as the Wassenaar Agreement mentioned above, where explicit technologies 
are referred to, might become quite meaningless. The high hopes for the future 
of DNA computing, [4], are based on two fundamental features: (i) The massive 
parallelism of DNA strands, (ii) Watson-Crick complementarity. 

As regards (i), most of the celebrated computationally intractable problems 
can be solved by an exhaustive search through all possible solutions. However, 
the insurmountable difficulty lies in the fact that such a search is too vast to 
be carried out using present technology. On the other hand, the density of in- 




Caesar and DNA — Views on Cryptology 



53 



formation stored in DNA strands and the ease of constructing many copies of 
them might render such exhaustive searches possible. A very typical example 
is cryptanalysis: all possible keys can be tried out simultaneously. Indeed, [1] 
discusses a possible technique of breaking the cryptosystem DES in this fashion 
- details can be found also in [4]. DNA computing is suitable for cryptanalysis 
also because deterministic solutions are not required; a low error rate will suffice, 
see [4] for details. 

As regards (ii), Watson-Crick complementarity is a feature provided “for free” 
by the nature. It gives rise to a powerful tool for computing because, in a well- 
defined sense, [4], complementarity brings the universal twin-shuffle language to 
the computing scene. By encoding information in different fashions on the DNA 
strands subjected to bonding, one is able to make far-reaching conclusions based 
on the fact that bonding has taken place. Also cryptanalysis can be based on 
such conclusions, [1], [4]. 
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Abstract. There is a growing feeling in the community that the current 
literature on reactive and hybrid systems is plagued by a Babel of models, 
constructs and formalisms, and by an amazing discord of terminology and 
notation. Further models and formalisms are engendered, and it is not 
clear where to stop. 

Hence, the urge toward a pithy conceptual/notational setting, supported 
by a consistent and comprehensive taxonomy for a wide range of for- 
malisms and models. 

The paper outlines an automata-based approach to this challenge, which 
emerged in previous research [PRT, RT] and in teaching experience [Tl, 
T2] . We compare our definitional suggestions with similar background in 
the current literature, where the subject is sometimes complicated by a 
premature mixture of semantics, syntax and pragmatics. 



1 Introduction 

1.1 Mainly Quotations 

Hybrid systems, and in particular timed automata, are popular paradigms of 
“reactive” systems. 

This developing area suffers from some methodological and expository em- 
barrassment. 

Quotation 1. “The number of formalisms that purportedly facilitate the mod- 
eling, specifying and proving of timing properties for reactive systems has ex- 
ploded over the past few years. The authors, who confess to have added to the 
confusion by advancing a variety of different syntactic and semantic proposals, 
feel that it would be beneficial to pause for a second - to pause and look back 
to sort out what has been accomplished and what needs to be done. This pa- 
per attempts such a meditation by surveying logic-based and automata-based 
real-time formalisms and putting them into perspective” [AH]. 

Quotation 2. “A new class of systems is viewed by many computer scientists 
as an opportunity to invent new semantics. A number of years ago, the new 
class was distributed systems. More recently, it has been real-time systems. The 
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proliferation of new semantics may be fun for semanticists, but developing a 
practical method for reasoning about systems is a lot of work. It would be 
unfortunate if every new class of systems required inventing a new semantics, 
along with proof rules, languages and tools. 

Fortunately, these new classes do not require any fundamental change to the 
old methods for specifying and reasoning about systems” [AL]. 

So, what is a reactive system? 

Quotation 3. “Reactive Systems” is a nice name for a natural class of compu- 
tational systems. The search is still on for the best precise mathematical concept 
to explain this [Ab]. 

It seems, that “Hybrid Systems” share a similar status; moreover, this is the 
case with other popular terminology in the field. 

Quotation 4. “Processes” are not mathematical objects whose nature is uni- 
versally agreed upon . . . not a well understood domain of entities [Mi] . 

Yet, that does not prevent researchers from developing useful methods of 
verification for specific structures of “reactive” and “hybrid” systems, such as 
“reactive programs” and “hybrid automata” . Here are some widely accepted 
informal explanations of those terms: 

(i) A reactive program is a program whose role is to maintain an ongoing inter- 
action with its environment. 

(ii) A hybrid automaton is a mathematical model for a digital program that 
interacts with an analog environment. 

(iii) Hybrid Systems are interacting networks of digital and continuous systems. 

Clearly, precise definitions and taxonomies of the intended entities presume 
decisions about the choice of appropriate (i) components (programs, automata, 
processes, etc.) and (ii) interaction architectures. 

Note also some expected asymmetry between the components (digital vs. 
continuous, main object vs. its environment etc.). 

Such decisions are suggested in particular by classical automata theory, mod- 
estly enriched with standard concurrency and continuous time. This is in full ac- 
cordance with the appeal to rely on “old-fashioned recipes” (see Quotations 1,2). 
More about that below, after some comments on the literature on the subject. 
Let us start with reactive systems. 

Quotation 5. “We refer to our object of study as reactive systems... In the liter- 
ature on the formal development and analysis of reactive systems, we find a rich 
variety of programming languages... Some of the constructs are based on shared 
variables, message passing, remote procedure calls, ... semaphores, monitors etc. 
We introduce a generic (abstract) model for reactive systems, which provides an 
abstract setting that enables a uniform treatment of all these constructs” [MP2]. 

Further, in [MP2], according to the generic model, four concrete models are 
considered: 

(i) Transition Diagrams, (ii) Shared Variable Text, (iii) Message Passing Text, 

(iv) Petri Nets. 
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Quotation 5 (continued). “Each concrete model is characterized by a pro- 
gramming language consisting of the syntax of the programs in the model, and 
semantics which maps programs into Basic Transition Systems” . 

“Petri Nets are a radically different concrete model. The main difference: it is 
not a programming language, but rather intended to model and specify a broad 
family of reactive systems” . 

Comments. Clearly, the [MP2] taxonomy of reactive systems is oriented toward 
programming constructs. That is why it distinguishes between Models 1 and 2, 
which in essence differ only in syntactic details ( graphical syntax for the first 
vs. textual syntax for the second). On the abstract level of automata theory 
there are no reasons to distinguish between them, and even less to declare Petri 
Nets with their suggestive geometry of communication, “a radically different 
concrete model”. As a matter of fact, the automata-based setting supports a 
broad taxonomy of reactive systems, in which other models (not covered in 
[MP2]) are identified in a natural way. “The stone that the builders rejected has 
become the chief cornerstone” (Psalms) ! 

Now, about existing (and sometimes changing) definitions of Hybrid Au- 
tomaton. Most of them present some detailed and more precise version of the 
following descriptions: 

Quotation 6. “Informally, a Hybrid Automaton consists of a finite set X of real 
valued variables, and a labeled multigraph E. The edges E represent discrete 
jumps and are labeled with guard assignments to variables in X. The vertices 
V represent continuous flows, and are labeled with differential inequalities over 
the first derivatives of the variables in X. The state of the automaton changes 
either instantaneously when a discrete jump occurs (“transition step”) or, while 
time elapses, through a continuous flow (“time step”) [HW]. 

Quotation 7. “Hybrid automata are generalized finite state machines. For each 
control location ... the continuous activities are governed by a set of differential 
equations [this is a labeling of locations, B. T.] Another label - the invariant 
condition - must hold while the control resides at the location, and each transition 
is labeled with a guarded set of assignments” [ACH]. 

Comments 

(i) The definitions do not present explicitly, either the decomposition of the 
“Hybrid” into separate components, or the relevant interaction architecture. 

(ii) They emphasize the role of differential equations, a machinery which is be- 
yond the usual logical based and/or automata-based settings. 

(iii) They confine with accepting- mechanisms, and ignore transducers, i.e. input- 
output mechanisms, which specify/compute functions. 

The last remark brings us back to a discussion from the early days of Au- 
tomata Theory [KT], reconsidered in depth by D. Scott: 

Quotation 8. “The author (along with many other people) has come recently 
to the conclusion that the functions computed by the various machines are more 
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important - or at least more basic - than the sets accepted by these devices. The 
sets are still interesting and useful, but the functions are needed to understand 
the nets. In putting the functions first, the relationship between various classes 
of sets becomes much clearer. This is already done in recursive function theory, 
and we shall see that the same plan carries over to the general theory” [S] . 

1.2 Overview 

This paper provides an outline of the main features of an automata-based ap- 
proach to the subject. Note, that it is semantically-oriented, and avoids heavy 
syntactical ingredients. 

The aim of Sections 2-4 is to present enough technical details of the advocated 
conceptual/notational machinery, and to explain it with appropriate examples 
and propositions. In view of the many facets of the issues, and because of the 
lack of generally accepted terminology in the field, an eclectic expository style 
is adopted: formal definitions are intermixed with less formal explications and 
comments, and omitted details are left to the imagination of the reader. Hope- 
fully, this will not prevent one from perceiving the full picture. The test will 
come in Section 5 (Discussion), where the proposed setting is illustrated with 
respect to (and contrasted with) alternatives in the literature. The discussion 
focuses on four points: 

(i) Networking, 

(ii) Taxonomies in fundamental monographs, 

(iii) Hybrids in the Theoretical Computer Science community, 

(iv) Views of Control Theorists. 

Section 2 (Automata) is about the potential components of “reactive systems”, 
and Section 3 (Interaction) - about the ways those components are structured 
in reactive systems. Note that at this stage, no particular features of Hybridity 
are on the agenda. Those are postponed to Section 4 (Toward Hybrids). 

Now, more details about what is to come. 

Section 2: Automata. 

The time-domain T of a discrete automaton (with finite or infinite state-space) 
is the ordered set N of nonnegative integers. For continuous-time automata, T 
is the real line R-^. “Continuity” of automata refers only to their time-domain, 
and does not concern their data-domains. Hence, no differential equations etc. Of 
course, algebraic and/or topological properties of the automaton’s state-space 
X may be instrumental for concrete applications, but they are not part of the 
formal automaton concept. 

Nondeterministic (unlike probabilistic) automata cannot be implemented di- 
rectly; they seem to be an useful mathematical abstraction and/or a techni- 
cal notion. We don’t exclude nondeterministic automata, but the most relevant 
phenomena are best explained in the deterministic setting. In the definition of 
deterministic automata, we follow [SI]. 

Input/output. The focus is on the relationship between two entities: the 
retrospective (causal) operator F and the transducer which computes/defines 
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it. The operator F outputs at time-instant t a value which depends only on 
the values inputted not later than t. There are two kinds of transducers: ex- 
plicit and implicit. Not surprisingly, the transition from explicit to implicit is 
straightforward, but the opposite direction is less trivial. 

Labeled Transition Systems {LTS) and other kinds of decorated graphs are 
not part of the model. Occasionally we may use them for expository convenience, 
in particular, for comparison with current literature. 

Section 3: Interaction. 

Four Architectures. We consider two dichotomies, which are routine for dis- 
crete time, but some precaution (explained in the main text) is needed in the 
case of continuous time. Note that hiding issues are not considered. 

(i) Synchrony vs. Asynchrony; 

Warning: Don’t confuse this with the use of “synchronous/ asynchronous” in 
the sense of “tight/buffered communication”. 

(ii) Nets (communication through ports/wires) vs. Webs (shared memory). 

Circuits. The architectures above don’t cover specific aspects of input-output 
interaction. These aspects are well known for discrete-time circuits of logical and 
delay components, for which Burks and Wright coined the name Logical Nets 
[BW]). The generalization of Logical Nets and their shift to continuous time are 
formalized as synchronous circuits of transducers; these are relevant, in particu- 
lar, for the interaction mechanism of hybrid automata. At an appropriate level 
of abstraction a circuit C with k components, which communicate through their 
inputs and outputs, is a system Eq of k functional equations, each equation de- 
scribing one of the components. Eq allows a pictorial representation as a circuit 
C labeled by the functional symbols which occur in Eq. Hence, the reference 
to Eq as a, circuit of functions. Actually, before the emergence of modern com- 
munication/concurrency theory, this was the main (may be even the unique) 
interaction paradigm in Automata Theory. C is well defined (reliable) iff Eq 
has an unique solution, ip, which is said to be the input/output behavior of C. 
This means that the propagation of signals along closed cycles in C is causally 
motivated (feedback reliable). 

The same circuit C also visualizes a circuit of transducers, which adequately 
implements Eq, i.e. computes p (in an appropriate sense!). 

Note that for continuous time feedback, reliability is more subtle than in 
the discrete case. Occasionally, in situations related to differential equations, 
analytical machinery may help. Some automata-based criteria appear in [PRT]. 

Section 4: Toward Hybrids. 

We start with two known properties: Finite Variability (otherwise called ‘non- 
Zeno property’) and Duration Independence. As particular cases of FV-automata 
we define jump, flow, and, finally - jump/flow automata. The last one will appear 
later as a component named Plant of hybrid automata. A Plant may be described 
by chance via differential equations; this situation is practically important, but 
conceptually - irrelevant. 
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Duration independence means invariance of the behavior under stretching of 
the time axis. A duration independent (in particular - a finite state) automaton 
M, usually named Controller, is the second component of an hybrid automaton. 
Due to duration independence, M can be specified syntactically by a labeled 
transition system, very close to (but not identical to) those used in classical 
Automata Theory. 

Hybrids. The analysis of Hybridity is best explained on the following three 
levels: 

(i) Plant. This is an explicit transducer with a jump/fiow underlying automaton 
M. No concurrent interaction occurs at this level; “Hybridity” is manifested 
solely in the coexistence of jumps and flows. 

(ii) Hybrid Automaton. This is a reliable synchronous circuit with two compo- 
nents: a Plant (as above) and a Controller, which is a duration independent 
(in particular a finite-state) transducer. 

Note the fundamental asymmetry between the two interacting components. 
Whereas Controller is a constructive object with almost standard LTS- 
syntax. Plant is a semantical object with a given signature S . The inter- 
pretation of S is supplied by the environment (hence, the term “oracle”, 
used earlier in [RT, T2, P]). 

(iii) Hybrid System. We leave this vague term for a structure whose components 
are hybrid automata which are combined via different interaction combina- 
tors. 

About Terminology. Standardization of terminology for some of the basic 
notions in the area has become necessary with the proliferation of models and the 
often inconsistent and contradictory use of terms in the literature. The confusion 
is most blatant in the use of the terms “synchronous” and “asynchronous” . For 
example, sometimes it serves to distinguish tight communication from buffered 
communication. What is a “synchronized” step for one author is “asynchronous” 
for another; what is an “asynchronous” circuit for one is “nondeterministic” 
for others (see Section 5). In this context, the author takes the blame for the 
terminological confusion in the paper ([T3]), where the terms “synchrony” and 
“simultaneity” were used improperly. Moreover, this confusion was aggravated 
by the unfortunate notation e for the idling action, which resulted in misleading 
connotations with different versions of hiding. 

Forced to decide now, we have striven to make the most neutral and nat- 
ural choices. We define “synchronous” interaction to refer to lock-step state 
transition, and define “asynchronous” composition in interleaving style. We also 
suggest that the term “net” be used when memory is not shared, and (tenta- 
tively) propose the term “web” for the case when ports are private. This leads 
to a taxonomy for both discrete and real time automata comprising four basic 
structures: synchronous nets; asynchronous nets (message passing); synchronous 
webs; and asynchronous webs (shared variable architecture). 
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2 Automata 

2.1 Preliminaries 

a) Notational provisos 

Z is a space (alphabet), T is the time-domain, i.e. the set N of nonnegative 
integers, or the set of nonnegative reals. A Z-path, is a function i from 
T into Z, whose domain is a left-closed (possibly infinite) interval [t, t + S) or 
[t,t -I- 5]. Z is the set of z-paths. The interval is said to be the life-time of z ; 
its length S is said to be the duration \z\ of z. A path is standard if t = 0. The 
standard shift of z is the standard path whose value at time t coincides with 
z(t t). In many respects we do not distinguish between paths with the same 
standard shift, and we preserve for them the same notation. 

Unless stated otherwise, we confine ourselves to paths whose life-times are 
semi-intervals; their concatenation Z 1 .Z 2 is defined in the usual way. 

b) A reminder 

A discrete-time deterministic automaton M is given by a (state- alphabet) X, 
an (action-alphabet) U and a map nextstate : X x U — > X. The associated 
terminal transition map \P of type X x U — > X obviously extends nextstate 
from singleton action u to action sequence u = u\...ui. Finally, 'F : X xU — > X 
is the associated full transition map. When applied to state x and an action 
sequence u it returns the state-sequence of length ? -|- 1, that starts with x and 
leads to the terminal state x' = <F(x,u). 

Comments: In general, there are no restrictions on the cardinalities of U,X. 
For example, let X be the Euclidean space i?”, and let U consists of (names of) 
appropriate matrices. Then, nextstate may perform the corresponding linear 
transforms of i?". But algebraic assumptions about X,U are not part of the 
model. The terminal and full transition maps are uniquely determined as soon 
as nextstate is given. But for continuous time domain i?-°, nextstate does not 
make sense; hence, the need for a direct definition of terminal/full transitions. 



2.2 Deterministic Automata 
a) Basics 

Even though the forthcoming formulations are general (hence, applicable for 
discrete time as well), they are intended mainly for the less routine continuous 
time-domain. (In [SI] these are also called Dynamic Systems or Machines). 

An automaton M is given by a state- space A, an action-space U and a 
partial 

terminal transition map ^ : X x U ^ X. 

The intended semantics is: if state x occurs at time t, then u with life-time 
[t, t-\- S) produces state x' at time t-\- 6. 

A finite path u is admissible for x iff 'l'{x,u) is defined. 

An infinite path u is admissible for x if all its finite prefixes are admissible 
for X. 
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Below, ui,U2 €U are finite paths, U1.U2 designates their concatenation, and 
e is the empty action path. 

Axioms 

(i) Non-triviality. For each state x there is a non-empty action path u, which is 
admissible for x. 

(ii) Semi-group. 

e) = X 

^{x,u\) = x' h W{x' ,112) = x"] <F(a;, U1.M2) = x” 

(iii) Restriction (Density). Assume that ^{x,u) = x" . If u = U\.U2 then there 

exists x' such that 'l/{x,ui) = a;' & ,1x2) = x" . 

Semi-group closure. An automaton M may be defined as follows: 

(i) Consider W for some set Q of admissible paths, and check the non-triviality 
and restriction axioms; 

(ii) Extend (and preserve this notation!) via concatenations of paths from 17. 

Full transition map of M. This is a function W ■. X xU — > A, which returns 
a path x with the same life-time [0, i5) as that of u. Namely, 

’P{x,u) = x iff yt G [ 0 , S).’l'{x,u\t) = x(t) 

It follows from the axioms, that for (deterministic!) M, the definition is correct, 
i.e. 'P is indeed a function. 

The pair (u, x) is a finite trajectory of M, and i is a finite state-path 
Note, that unlike iF, the extension of W (hence also of state-paths and of 
trajectories) to infinite duration is straightforward. 

b) Flows 

Definition 1. A flow on the state-space A is a function / : A x T — > A, that 
meets the following conditions: 

(i) f{x, 0 ) = X] (ii) if f{x,t) is defined, so is f{x,t') for each 0 < f < t and 

(iii) additivity: 

f{x, h) = x' tf{x', t2) = x” — > f{x, ti 12) = x" 

Notation, nil is the (polymorphic) trivial flow: yt[nil{x,t) = x] 



Example 1 . f{x,t) 

Clearly, a flow is nothing but the transition map E of an automaton M, 
whose action-space is a singleton. Flow is a pure semantical notion, without 
any commitment to specific syntax. Note, however, that in Control Theory the 
favorite way to describe flows is via differential equations. 
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Example 2. Consider a finite-dimensional differential equation 

x = F{x), (1) 

where x is an n-dimensional vector. Assume the existence of unique solutions 
of this equation for arbitrary initial conditions and for arbitrary time intervals. 
(This can be guaranteed under appropriate technical assumptions, which are not 
relevant here.) The associated flow / is defined as follows: 

Given a time interval [to,t] and an initial state a; (to) = xg, consider the 

corresponding solution x of equation (1) on that interval. Then, /(xg, t) x{t). 

c) Structured spaces (alphabets) 

Assume W = V x Z, so that each path w is uniquely defined by the pair {h, z} of 
its projections into V and Z; we do not distinguish between path w and that pair, 
for which we use notation vz. Specific delimiters and/or ordering restrictions may 
be used for additional information. For example v /z ov v — > z may characterize 
as an argument value, and z as the corresponding function value. 

In the sequel, the state-space X will be structured only as the Cartesian 
product of a set of components Ai, A 2 , . . . , Xm- On the other hand, the action 
space U may be structured via a set of components C/i, C/ 2 , . . . , C/fe in two different 
formats: 

a) Multiplicative (Cartesian) format: U = U\ x U 2 ■ ■ ■ x Uk 

b) Additive (disjoint sum) format: U = U\ + U 2 ■ ■ ■ + Uk 

Respectively, two formats of admissible action paths will be considered. 

(i) In the multiplicative format such a path belongs to U . 

(ii) In the additive format an additional assumption is needed: 

Interleaving structure. Each admissible action-path is the concatenation of 
“straight” paths Ui G Ui. Hence (by semigroup closure), it suffices to define 
transitions only for straight paths. 

Clearly, for discrete (but not for continuous) time the interleaving structure 
is guaranteed for all paths that belong to U. 



2.3 Behavior of Initialized Automata 
a) Retrospection 

Notation. q;|t is the prefix of path a restricted to life-time [0, r). 

Definition 2. / is a retrospective operator (shorthand: retrooperator) of type 
C7 — > y if it is defined on a prefix-closed subset of U and satisfies the condition: 



li y = f{u), then y|r = /(u|r) . 
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In other words, for each t the value y(t) depends only on the values of u on 
the right closed interval [0, t]. When y{t) does not depend on u{t), the operator 
/ is said to be strongly retrospective. 

Clearly, for each initial state xq G X, the full transition map ^ induces a 
strong retrospective operator X, which is called the input/state behavior (i/o 
behavior) of the initialized automaton < M,xq >. 

b) Accepted sets 

The behavior of < M, xq > can also be characterized by a set (language) which 
consists of all (or of an appropriate part of) the action paths (of the trajectories or 
the state-paths, respectively) admissible at xq. This is the action (respectively, 
trajectory or state) set, accepted by < M,xq >. Most important is infinite 
behavior that obeys some reasonable fairness conditions. Fairness is beyond our 
subject, so, when referring to infinite paths, all admissible infinite paths are 
assumed. 

If the action-space is structured as U x V x ... then the accepted set is pre- 
sented naturally by a characteristic relation L{u, v, ...), called relational behavior 
of the automaton. 

It may happen that for some partition of the arguments in L, the relational 
behavior is the graph of a function, so one could refer to the corresponding 
functional behavior. Note that for a given L there may happen to be different 
“functional” partitions of this kind. 

c) Transducers 

Implicit transducers. Consider, for example, a retrooperator F of type r = 
U X A — > B. Let < M, Xmit > be an initialized automaton with state-space X 
and action alphabet U x A x B. 

Definition 3. < M, Xinit > is a implicit transducer of type t with input/output 
behavior (i/o behavior) F iff it accepts the graph of F (hence '1/M{xinit,uab) is 
defined iff b = F{ua)). 

Remark. In the case above it might be convenient to use the mnemonic notation 
'H^M{xinit,ua / b) which points out the type of the intended behavior. Note, that 
an automaton M may happen to be typable in different ways as an implicit 
transducer. 

Explicit transducers: strong and weak readouts. Let M be an automaton 
with spaces X, U. Consider in addition: (i) a space Y of output (or measurement) 
values, and (ii) a map h : X — > Y . The pair < M, h > is said to be an 
explicit transducer with underlying automaton M and strong readout map h. 
Let G : U — > X be the i/s behavior of the underlying automaton M. Then, 
the i / o-behavior of the transducer < M, h > is the retrooperator F : U — > Y, 
defined as follows: 

Assume x = G{u); then F{u) returns y such that 
Vt < \u\. y{t) = h{x{t)) 



( 2 ) 
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Clearly, like G, the retrooperator F is also strongly retrospective. 

A weak readout map h ( not considered in [SI]!) is of type X x U — > Y. 
The definition of i/o-behavior in (2) should be modified, namely, y(t) = h{x(t)) 
is replaced by y{t) = h{x{t) , u{t)) . The i/o behavior is still retrospective, but 
strong retrospection is no longer guaranteed. 

d) Comparing transducers and operators 

Implicit transforms. Consider an explicit transducer < M,h > with i/o be- 
havior F : U X A — > B. 

Assume that < M, h > is specified hy F : Q x IJ x A — > Q and (for 
simplicity) by a strong readout h : Q — > B. 

Definition 4. Let M' be the automaton with transition map F' : Q x U x Ax 
B — > Q, defined below ((5 is the common length of the paths): 

F' {q,ud/b,6) = q' iS F{q,ud,S) = q & q' = q{6) & V t < S. b{t) = h{q{t)). 

Say that M' is the implicit transform of < M, h >, and < M, h > is the explicit 
transform of M' . 

It is easy to see that M' is an implicit transducer with i/o behavior F (the 
same as that oi < M,h>). 

Clearly, an implicit transducer is not necessarily the implicit transform of an 
explicit transducer. 

Consider three properties of an operator F : 

(i) F is a retrospective operator, 

(ii) F is the i/o-behavior of an implicit transducer, 

(iii) F is the i/o-behavior of an explicit transducer. 

Proposition 5. These properties are equivalent. 

That (ii) and (iii) imply (i) is trivial. The implication (iii) — > (ii) is due to 
implicit transforms. The other directions are not trivial. 

2.4 Nondeterminism 

Nondeterministic automata. If nondeterminism is not excluded a priori, 
then, instead of the terminal transition map F one might expect a terminal 
transition relation M(x,ii,x'). However, we confine ourselves below to the full- 
transition format M {q, u, q) . 

A particular case: 3-automata. Assume that M is a deterministic automaton 
with input alphabet U = U\ x U 2 (hence, with input paths ui x U 2 ) and with 
full transition map F. The non-deterministic automaton (call it M') such that 

M\q,ui,q) iff 3u2[F{q,ui,ii2) = q] 

is said to be a 3-automaton. 
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Remark. Note that two 3-automata may have the same terminal transitions but 
different full transitions. 

Nondeterministic retrooperator /* 

Definition 6. A multi-valued function f* is an 3-retrooperator iff there exists 
an appropriate retrooperator / such that y G f*{u) iff 3b[y = f(b,u)]. 



3 Interaction 

Interacting agents are (possibly infinite) automata with structured spaces (al- 
phabets). 

For discrete-time automata the binary interaction combinators are defined 
in a routine way, via derivation of the nextstate-ma,p (nextstate-relation) for 
the composition M from the nextstate-maps (nextstate-relations ) of the com- 
ponents Mi. However, one should be careful with continuous time, when one 
needs to deal directly with terminal, or even with full transition maps. For these 
reasons we start with nextstate for discrete time, and then provide motivated 
definitions for terminal and full transition maps, which cover both discrete and 
continuous time. 

Note that in all cases below, if the components are deterministic, so is their 
composition. Finally, the combinators are commutative and associative; hence, 
compositions may be considered for arbitrary sets {Mi, M 2 , M 3 , . . .} of compo- 
nents. 



3.1 First Dichotomy of Interaction: Synchrony (multiplicative 
version) vs. Asynchrony (additive version) 



a) Synchrony 

For simplicity consider Mi with state-space Xi x Xg and action-space Ui x Uq. 
Call the Xi - ports, and the Ui - registers. Note, that the components are allowed 
to share registers (here - Aq) and ports (here - Uq). 

Definition 7. (Synchronous composition: M = Mi x M2). The state-space of 
M is Ai X Xq X X2, the action-space is Ui x Uq x U2, and the transitions are as 
follows: 



def 

M{xiXoX2,UiUoU2,x[xqX2) = Mi{xiXq, UiU(j, x[xq) k M2 {x2Xq,U2Uo,X2Xq) 

( 3 ) 

In particular, for deterministic Mi 

nextstate{xiXoX2,uiUoU2) = x'ix'qX2 iff 

nextstatei{xiXo,uiUo) = Xix'q & nextstate2{x2Xo, U 2 U 0 ) = X2Xq (4) 
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Warning. Note, that (4) cannot be extended to terminal transition maps in 
the form 



'P{xxXoX2tUxUoU2) = Xix'qX2 iff 'l'l{xxXo,UiUo) = x'ix'q k'F2{x2Xo,U2Uo) = X 2 XQ 

(5) 

The reason is that in (5), for given uiUoU 2 , the Mi are required only to reach 
the same terminal (!) value Xq, which would guarantee that ^{xiXoX 2 jUiUqU 2 ) 
is defined. However, the Restriction Axiom for Automata requires more, namely, 
definedness for all prefixes of uiUoU 2 - 

One possible remedy might be to use full transitions instead of terminal ones. 
Definition 8. (For both discrete or continuous time). 

<F{xiXoX 2 , U1U0U2) = X1X0X2 iff 'Fi(xiXo, UlUo) = XlXo & '^2(X2X0, U2U0) = X2X0 

( 6 ) 



The way to handle terminal transitions is as follows: 

Definition 9. (For both discrete and continuous time). If the components Mi 
don’t share registers, then 

'I'{xiX2,UlUoU2) = x\x2 iff 'Pl{xi,UxUo) = x\ & '1^2{x2, U 2 U 0 ) = x '2 (7) 

Let act{M) denote the action set accepted by M. 



Proposition 10. (Restorability of act{M)). Assume that the Mi don’t share 
registers. 

Let Li{ui,uo) be the characteristic predicate of act{Mi). Then 



L{ui,uo, U 2 ) = Lx{ui,uo) & L2{u2, Mo) 

is the characteristic predicate of act{M) 

b) Asynchrony 

This interaction combinator is considered for automata with interleaving struc- 
ture (see Sec. 2.2c). 

Consider first discrete time. 

Definition 11. (Asynchronous composition: M = M 1 HM 2 ). Assume M\ with 
spaces Ai X Ao, Ui + Uo, and M 2 with spaces A 2 x Aq, U 2 + U 0 . Then M has 
spaces Ai x Aq x A 2 , U1 + U0 + U2 and nextstate{xiXQX 2 ,Ui) = x'ix'qX 2 holds 
in one of the cases: 



nextstate\{xiXQ,Ui) = x'^Xq x '2 = X2 if i = 1 (a) 

nextstate2{x2Xo,Ui) = x'2x'q Sz x'.^ = xi if i = 2 (6) 

nextstatei{x\XQ,Ui) = x'ix'q & nextstate2{x2Xo, Ui) = X 2 x'q if i = 0 (c) 
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Again, one should be careful about the extension from nextstate to terminal 
and full transition maps W and 'P. 

The way to deal with terminal transitions, is as follows: 

Definition 12. (No shared ports). Assume Mi with spaces Xi x Xq, U\, and 
M2 with spaces ^2 xATo, C/2- Then M has spaces ATi x ATg XX2, C/1 + C/2, and (up 
to semi-group closure) the following terminal transition map: P{x\XQX2,Ui) = 
x'ix'qx'2 holds in one of the cases: 



Pi{xiXoTUi) = x'iXq Sz x '2 = X2 if i = 1 (a) 

p2(x2Xo, Ui) = X2x'q Sz x'l = Xi if i = 2 (b) 

Definition 13. (No shared registers). Assume Mi with spaces Xi, Ui + Uq 
and M2 with spaces X2, U2 + Uq. Then P{xiX2, Ui) = x'ix'2 holds in one of the 
cases: 

Pi{x\,Ui) = x'l Sz x'2= X2 if i = 1 (a) 

p2{x2,Ui) = x '2 Sz x'l = xi if i = 2 ( 6 ) 

Pl{xi,Ui) = x'l Sz p2{x2,Ui) = x '2 if i = 0 (c) 

3.2 Second Dichotomy of Interaction: Nets vs. Webs 
a) Basic architectures 

This dichotomy reflects available communication mechanisms: 

Nets: communication, if any, is via shared ports; all registers of a component 

are private. 

Webs: communication, if any, is via shared registers; all ports of a component 

are private. 

Note that for nets, because of the privacy of registers, it can be assumed 
(without loss of generality) that components have unique registers. Similarly for 
ports in a web. The two dichotomies induce four “architectures”: 
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Remark. Terminal transition maps do not fit directly with architecture 3 (syn- 
chronous webs) . In this case the formulation would require first the consideration 
of full transitions (see Warning in Sect. 3.1a). 

b) Petri graphs 

This is a bipartite graph G (possibly directed) with k circle-nodes and m box- 
nodes. G is an atomic net if it consists of a single circle with its neighboring 
boxes; it is an atomic web if it consists of an unique box with its neighboring 
circles. Hence, two dual decompositions of G: into k atomic subnets or into 
m atomic subwebs. G is said to be a net or a web if it is equipped with the 
corresponding decomposition. 

Figure 1 shows an atomic net with circle labeled Q and an atomic web with 
box labeled A. 




A2 Q A3 Qs A Q2 



Fig. 1. Nets versus Webs. 



Example 3. 



Consider the Petri graph shown in Figure 2. It has two dual de- 




A2 



Qi 



Q2 



Fig. 2. A Petri graph. 



compositions. Figure 3 shows the decomposition into three atomic nets which 
“communicate” via shared boxes. Figure 4 shows the decomposition into two 
atomic webs which “communicate” via shared circles. 
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Fig. 3. Decomposition into three atomic nets. 

Qa Q) n ^2 
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Fig. 4. Decomposition into two atomic webs. 



c) Nets and webs of automata 

Appropriately labeled nets or webs offer a suggestive graphical syntax for para- 
digms which involve sharing and/or communication. 

A net of automata N{Mi, is an entity given by: 

(i) A net N with numbered circles: Ci : i = 1, 2, ..., k. 

(ii) A map env which correctly assigns to each Ci an automaton Mi] this means 
that the ports of Mi are in 1 — 1 correspondence with the neighboring boxes 
of N. It is assumed that each Mi has a single register, which is its private 
register. 

Semantics: if Mi x ... x Mk = M, then say that M is decomposed as (specified 
by) the synchronous net N{M\, M^). Similarly, for asynchrony. 

Webs of automata W {Mi , ..., Mm) are handled in the dual way. In particular: 

(i) 61 , ..., bm is an enumeration of the boxes in W . 

(ii) Each of the automata has an unique (private!) port, and env correctly assigns 
automata to boxes. 

Remark. Synchronous nets are commonly used in hardware specification, where 
ports correspond to ‘pins’ of the physical component devices ([G]). The relational 
behavior of a device may be specified by defining a predicate Dev(oi, ...), which 
holds iff tti,.... are allowable values on the corresponding lines (ports). Note 
that the values on the lines can be modelled with infinite paths. The constraint 
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imposed by the whole system (the relational behavior of the system) is obtained 
by: 

(i) conjoining the constraints (predicates) imposed by the components (compare 
with Proposition 2), and 

(ii) existentially quantifying the variables corresponding to the internal lines. 
(As mentioned earlier, hiding issues are omitted in this paper.) 

Recall that in the Petri Net community circles are called places, and boxes 
are called transitions. However, having in mind the env maps above, we will 
refer occasionally to the circles (boxes) of a Petri graph as registers (ports). 

d) Mutual modeling of asynchronous nets and webs 

Look at the Petri graph of Figure El and assume it pictures a net N over three 
components. See (easy!) that, dually, it pictures also an appropriate web W , such 
that N and W specify the same automaton. However, modeling webs as nets is 
much harder, and a more sophisticated approach is needed. The moral: webs are 
in some sense more expressive than nets. However, nets may be preferred for 
compositionality reasons [Ma] . 

e) Directed Petri-graphs 

Assume that the edges in G are oriented (directed) . A box b is an output-box of 
circle c, if there is a directed edge (channel) from cto b. Similarly, for input boxes 
of c. Hence, for given c we have the partition < in(c), out(c) > into its input and 
output boxes. If b is an output-box of some c G G, then it is said to be an output 
box of G; otherwise it is an input-box of G. Hence, we also have a partition of 
all boxes of G into in{G) and out{G). We call this partition the port-type of G, 
and use for it the notation in{G) — > out(G). Similarly, is defined the register 
type of G. In the sequel we focus on directed nets of automata, whose ports are 
partitioned into input and output ports, and require that env respects the status 
of these ports (i.e. input ports correspond to neighboring input boxes etc.). 

Orientation of the edges may be used for additional information about the 
components of the net or of the web. But note that it does not affect the seman- 
tics of synchrony and asynchrony. 

For example, can consider a directed synchronous net of implicit transducers 
(see Section 2.3c). But note that (meanwhile) it would specify an automaton 
without commitments to specific i/o behavior. The term ’’Circuit” will be used 
below for directed nets, whenever the type of the net is semantical relevant. 



3.3 Circuits 

Circuits offer a suggestive pictorial representation for specific systems of equa- 
tions and for related nets of functions, or of transducers. 

a) Systems of equations vs. directed nets of functions 

Consider a system Eq of equations Eqi with the format Xi = fi{yi , ..., Um)', i = 
1, ..., /c. The variables occurring only on the right hand side of an equation (say 
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v\, are declared as input variables of Eq, the others (say wi, ...,Wn) - as 

its output variables. 

It is appealing to represent Eq as a directed net of functions NEqifi, ■■■, fk), 
whose registers ri,...,rk are labeled by the function symbols fi,...,fk, and 
whose ports are labeled by the corresponding argument symbols. 

Clearly, the input (output) ports of NEq will be labeled by the input (output) 
variables of Eq. We refer to NEqifi, ■■■, fk) also as a circuit of functions, with 
port-type vi, ...,Vm — > wi, ..., w„. 

Under appropriate interpretation / of the functional symbols, the conjunction 
/\ Eqi defines an m-|-n— dimensional relation, which may happen to be the graph 
of a function <f> with type vi,...,Vm — w\,...,Wn- In this case say that Eq and 
also the net of functions NEq are reliable (under the intended interpretation 
I) and define 4>. Say also that they define each of the corresponding m-place 
functions 4>i with type vi, — > Wi', 1 < i < n 

b) Circuits C{fi, fk) of retrospective operators 

In the seminal paper [BW], Burks & Wright initiated the investigation of the 
fundamental case, when the functions fi in Eq (and in NEq) are retrospective 
operators (see Def. 2); moreover, the defined function (j) is also required to be 
retrospective. 

Say that p is a confluence port (register) in a directed Petri Graph G, if it the 
output port of different registers (ports). It was observed in [BW] that confluent 
ports have the semantical effect of ’’backward passage of causal influence” , which 
harms reliability. Hence, the following constraint is assumed from now on: 

(i) For circuits: no confluent ports. 

(ii) For Eq: no two equations in Eq may share left-hand side variable. 

For discrete time retrooperators the following is well known and easy; 

Proposition 14. If every oriented cycle in the circuit C(/i,...,/fc) (confluence 
constraint assumed) passes through a strong retrospective operator fi, then C is 
reliable. 

Remark. For continuous time this claim is wrong, and the search for sufficient 
conditions of reliability is a non trivial task. In [PRT] it is considered for specific 
retrospective operators (see right-continuous operators in the next section) . 

c) Circuits of 3- retro op orators (For 3-retrooperators, see Sec. 2.4). 

These circuits, their input and output variables, as well as their semantics, differ 
from those for single-valued operators in the obvious way: instead of equations 
with format “ variable = term ” one considers inclusions with format “ variable 
G term ”. Say that the circuit C{f f^) is reliable iff the relation it defines 
is the graph of a 3-retrooperator f. 

d) Circuits of transducers 

Circuit C{M [, ..., Mjf) of implicit transducers. This is a synchronous directed 
net of transducers, which obeys the confluence constraint. 

Assume that the M' define respectively the retrooperators fi, and let C(/i, .., 
fk) be the corresponding circuit of retrooperators. 
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Proposition 15. (i) The circuit C{M[, specifies a deterministic au- 

tomaton M' ; (ii) M' is an implicit transducer (of the respective type) iff the 
circuit of operators C{Fi, Fk) is reliable. 

Circuit C(< Mi, hi >, < Mk, hk >) of explicit transducers. We omit the 
formal definition, but consider the circuit of the corresponding implicit trans- 
forms (see Section 2.3) C{< >) as well as the automaton M' it 

specifies. 

Proposition 16. Assume that M' is an implicit transducer, which defines a 
retrooperator (j). Then M' is the implicit transform of an explicit transducer 

< M, h > which defines F . 

Comments 

(i) Proposition 5 (see, sect. 2.3) guarantees only that there exists an explicit 
transducer < M, h > which has the same z/o-behavior as M' , but < M, h > 
is not claimed to be the explicit transform of M' . 

(ii) In the general case (reliability not guaranteed), the pair < M,h > above 
with underlying 3-automaton M might be considered as some kind of non- 
deterministic explicit transducer, whose i/o-behavior is 3-retrospective. 

(iii) Clearly, for circuits with no feedback cycles, reliability problems don’t occur 
at all. This is essentially the case with the “deterministic timed automata” 
from [AFH]. 

4 Toward Hybrids 

4.1 Finite Variability 

Say that z is an elementary path with duration 6 iff for some a,b € Z there 
holds: 

z(0) = a; z{t) = b for 0 < r < 5 
The corresponding notation is z =< a • b, S >. A path z: 

(i) is continuous at time-instant t if there is an open time -interval, containing 
t, in which z is constant; otherwise it changes (is discontinuous) at t. 

(ii) has finite variability (is a FV-path) if on each finite subinterval (of its life- 
time) it changes at most at a finite set of time instances. 

(iii) has variability < fc if it changes less than k times in each subinterval with 
length < 1. 

(iv) has latency > a if whenever it changes at instants ti,t 2 then \ti — ^ 2 ! > 0 . 

(v) is J-sparse (for some J C Z ) if values from J occur in each finite subinterval 
at most at a finite set of time-instances. 

A retrooperator / has finite variability if it maps FV-paths into FV-paths. 
Let outf be the set of all paths outputted by /. Say that / has bounded variabil- 
ity (bounded latency) iff for some constant c all paths in outf have variability 

< c (latency > c). 
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Remark. See that bounded latency implies bounded variability, but the inverse 
fails. 

Clearly, a path z with finite (respectively - infinite) duration has finite vari- 
ability if it can be represented (we say also - scanned) as the concatenation of 
a finite (respectively - infinite) sequence of elementary path-components. In the 
case of infinite duration it is usually called the non-Zeno property; it means that 
there exists an increasing sequence ti — > oo such that z is constant on every 
interval (tj,C+i). 

In particular, z is a burst-path if everywhere beyond the U it has a fixed 
value, usually designated as nil. Note, that burst-paths encode timed sequences 
([AD]), z is a right- continuous path if all the elementary paths in the scanning 
are constant, i.e. have the format a • a. 

M is a FV- automaton (i?C-automaton) if its action paths have finite vari- 
ability (are right-continuous). In this case, up to semigroup closure, it suffices to 
define the terminal transition function F only for elementary action-paths. Use 
for them the self-explanatory notations F{x,u»u', S) and F{x, u, S). 

We consider now some kinds of FU-automata with finite action-space (al- 
phabet). 

4.2 Flows and Jumps 

a) Flow automata 

Definition 17. M is a flow-automaton if to each Ui G U there corresponds a 
fiow (see, Def. 1) denoted ||ui||, such that whenever F{x,Uj • Ui,S) = x' there 
holds ( for arbitrary Uj !) x' = Il'Uill (x, (5). 

It is easy to see that each i?C— automaton M is a flow-automaton. 

Proposition 18. (trivial). Flow-automata have the following property: IfF{x, 
Ui) = x\, and the Ui differ in at most a finite set of time instants, then the x) 
coincide. 

Example f. Consider the differential equation 

X = F(x, u), (8) 

where x, u are respectively n and m dimensional vectors. Under appropriate 
conditions, equation (8) has unique solutions for a rich class of {/—paths u, 
including all FU-paths. Compare with Flows in 1.1, and see that the automaton 
associated with the equation above is indeed a flow automaton. 

b) Jump/fiow automaton M 

Definition 19. (the sequential version). Assumptions about the action paths: 

(i) U is the disjoint union JUMP[J FLOW of so called jump-alphabet JUMP 
= {ji, -Ok} and fiow-alphabet FLOW = {/i, ..., /^}. 
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(ii) Admissible action-paths are JUMP-sparse (see, sect. 4.1). Hence, the ele- 
mentary action-paths have the format (up to duration i5): fi^fs {pure flow) 
or ji • fs {flow after jump) 

(iii) Semantics: with each ji is associated a jump, i.e. a function ||j;|| : X — > X, 
and with each fs a flow. The elementary transitions are as follows (note that 
the value of fi does not matter): 

'^{x,fi • fs,5) = fs{xj); 'P{x,ji • fs,S) = fs{ji{x),S) 

Definition 20. (Jump/flow automaton M': the parallel version). The intuitive 
idea is that M' behaves essentially as M, up to the following modification: 

M' inputs in parallel a path for flows and a path for jumps. Here is the formal 
definition: 

Let JUMP, FLOW be as in the sequential version, and let JUMP' = 

H pf 

JUMP{^{nilj. The input-space of M' is U' = JUMP' x FLOW. The ad- 
missible elementary action-paths are pairs {a, (3), where 

(i) (3 is an elementary path over FLOW] 

(ii) Of is < nil • nil, S > (trivial) or < ji • nil, S > (jump). 

The transition map F' is defined as follows: 

F'{x,nil»nil,ft» fs,S) = fs{x,S)] F'{x,ji • nil, fi • fs,S) = fs{ji{x),S) (9) 

Remark. Consider the following transform ip : JUMP' x FLOW — > JUMP 
U FLOW: 

if {nil, fi) = fi] ip{ji,fi) = ji 

See that the definition of M' is chosen in such a way that the transform if induces 
an isomorphism between M, M' . Namely, the transition map F' is reduced to 
the map S' of M as follows: 

F' {x,nil»nil, fi»fs,5) = F{x, fi» fs,5)] F' {x,ji»nil, fi»fs,5) = F{x,ji»fs,5)] 

( 10 ) 

c) Examples of jump/fiow automata 

Example 5. (Two clocks with resetting). 

The AD-clock (see [AD]): State-space X = R^] initial state 0. 

Unique flow / with [||/||](a;)](t)=a:-|-t and unique jump reset with ||reset|| (a;)=0. 

The P-clock (periodic clock, see [P]): X = [0, 1]; initial state 0. 

Unique flow / with f{x, t) = x + t if x + t < 1; f{x, t) = x + t{mod 1) if x + 
t > 1. Unique jump j with j{x) = 0. 

Example 6. (A dynamic system with control u and disturbance j). 

This is specified as a jump/flow automaton (parallel version) by equation 

x=f{x,u,j) (11) 

where u provides the paths for flows, and j for jumps. 
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d) Jump-automata 

Clearly, flow-automata present the extreme case of jump-flow automata when 
JUMP is empty, or, said otherwise, it is the singleton {jo} with ||jo||(a;) = x. 
Another extreme case is presented by Jump -automata, where F = {nil}. Hence, 
elementary action-paths are JC/MP-sparse paths of two kinds: 

(i) {nil • nil, (5). This is the trivial flow, i.e 'F{x, nil • nil, 6) = x for arbitrary 6. 

(ii) {ji»nil,5) with. <F{x, ji • nil, S) = ||j;||(a;)- 

Mutual modeling of a discrete-time automaton M and a jump-auto- 
maton MF Assume M with state-space X, action-alphabet J = {ji,.--,jfe} 

del 

and nextstate-function F. Then has state space X, action-alphabet J' = 
J{^{nil}, and the following elementary transitions for arbitrary 5 

{x,j • nil, S) = X iff F{x,j) = x; F^{x, nil • nil, 6) = x. 

Clearly, the modeling above is reversible; it points to the natural correspon- 
dence between discrete-time automata and continuous-time jump-automata. 
Moreover, it is faithful w.r.t. asynchrony interaction in the following sense. 

Proposition 21. Let Mi he discrete-time automata, and M^ the corresponding 
jump- automata. Then, for both nets and webs there holds: 

{MiWM^y = Mi\\Mi 

4.3 Duration Independence 
a) Basics 

Definition 22. An automaton M with finite variability is duration independent 
if whenever M{qi,a*b, 5, 52 ) holds for some duration 5, it holds for arbitrary 5. 



Proposition 23. If M is duration independent, then it respects continuity, i.e. 
if u is continuous at some t > 0, then the state-path F{qo,u) is also continuous 
at t. 



Proposition 24. (Consequence.) The i/s behavior of M is a retrooperator with 
finite variability; moreover, it improves variability in the sense: on each time 
subinterval the state does not change more times than the action. 



Proposition 25. ([R]) Every automaton M with finite variability and with fi- 
nite state-space is duration independent. 



Proposition 26. (trivial). If M is a jump- automaton then it is duration inde- 
pendent; but the inverse implication is not true. 
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b) Graphical representation 

The graphical representation of a transition with elementary action-path is as 
in Fig. 5(i). If the action-alphabet is structured, the standard representation is 
as in Fig. 5(iv), but Fig. 5(vi-vii) are more suggestive when oi • &i, 02 • 62 are 
intended respectively as the argument and the value of a function. 

Warning. Some authors prefer bilabeling graphical representations, in which 
both edges and nodes are labeled. For example, in [ACHP, H] instead of Fig. 5(i) 
would appear Fig. 5(ii), and instead of each of the Figures 5(iv), 5(vi) or 5(vii) 
would appear 5(v). The direct translation of our standard labeling to bilabeling 
is not always possible, as hinted by Fig. 5(iii). In this sense bilabeling does not 
seem to be enough universal. Nevertheless, a more indirect translation is still 
possible. 

Labeling Transition Systems (LTS) for duration independent) au- 
tomata. 

Example 1. Fig. 6(i) presents such an LTS for a duration independent automa- 
ton with states Iq, h, and with five values in the action-space H = {hi, ft-2, ^3, 
ft-5}. Clearly, there is no need to include duration-labels. Here, H' = {h\, ft-2, ^3}; 
H" = {/13, /14, /15} , and self-explanatory shorthands are used to save explosion 
of labeled edges. For example 

H’ • H” [hi • hj} for hi G H’ , hj G H” (12) 

It is easy to see that M is deterministic. However it is not complete. See that 
among 25 possible elementary inputs, only 12 are enabled at state b ; namely, 3 
in hi • H" and 9 in H' • H' . 



4.4 Controllers and Plants 

These are two kinds of transducers, intended to serve as components of hybrid 
automata. The simplest form of hybridity is displayed in the way jumps and 
flows coexist (apart) in Plants and Controllers, even before their including into 
an interacting system. 

a) FP-transducers 

Let T be a transducer, which arises when a FP-automaton M is equipped with 
appropriate readout h. 

For a finite measurement space H = {hi, ..., hk}, the input map h : X — > H 
induces a partition of the state space X into a family of k disjoint subsets, 
called regions induced by h. By abuse of notation we designate by hi also the 
region {x\h(x) = hi} and its characteristic predicate; hence, we don’t distinguish 
between: hi{x) and x G hi. 

In general, the output paths of transducer T don’t necessarily obey the FP- 
requirement. If indeed they do, say that F is a FP-transducer; in this case its 
i/o behavior is a FP-retrooperator (see, sect. 4.1). 
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(iii) 




(01,02) • (& 1 ,& 2 ) 



(iv) 






Fig. 5. 



Remark. Consider the implicit transform M' of T (see, sect. 2.3d), and assume 
that the action apace of the underlying automaton M is {u\,U 2 , ■■■}■ It is easy 
to see that the elementary transitions of M' have the format: 

M'{xo,Um • Un/hs • hr, 6, o;i). 

Below are examples of FF-transducers. Occasionally, the outputs may meet 
properties that are even stronger than FV, like bounded variability/latency, 
spareness w.r.t. some sets (of values) (see, sect. 4.1). 

b) Controllers 

It follows from Proposition 24 that duration independent transducers are FV- 
transducers, and, moreover, they improve variability. 

In the most general setting, a controller is a duration independent transducer. 
Occasionally, additional restrictions may be imposed, say finite state-space may 
be required. 
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Fig. 6. 



Example 8. Let Con be the controller, whose underlying (duration independent) 
automaton is in Fig. 6(i), and whose measurement space (output alphabet) is 
{jO) Ji; /o) /i}- The implicit transform of Con is in Fig. 6(ii). It shows that the 
ji appear only on the left-hand of elementary output-paths; hence (in addition 
to the FF-property), the output-paths of the controller Con are sparse w.r.t. 

F = {hJi}. 

c) Plants 

In the most general setting a plant is a FF-transducer with a jump/flow under- 
lying automaton. Again, additional restrictions may be imposed. 

Example 9. Timers. 

Timers are transducers which appear when clocks with resetting are equipped 
with appropriate readouts. In particular: 

(i) AD-timer ([AD]): this is the AD-clock with the following weak readout: 
h{x, reset) = 0; h{x, f) = 1 for x > l,and = 0, otherwise. 

Easy to see that AD-timer has output with bounded variability, but not 
with bounded latency. Its i/o behavior is retrospective, but not strongly 
retrospective. 

(ii) P-timer ([P]): this is the P-clock with the following strong readout: /i(l) = 
1, h{x) = 0 for X 1 

Note that P-Timer is strongly retrospective (see, Def. 12), and has output 
with bounded latency. 

Example 10. The transducer P. 

This is a transducer < M, h >, whose underlying automaton M is a jump/flow 
automaton, equipped with a strong readout h. 
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Signature of (M, /i): {X-,jo,ji]fo,fi;hi,h 2 ,h 3 ,h 4 ,h 5 ) 

Interpretation. 

(i) State-space X = R (Euclidean) 

(ii) Jumps. jo{x) = x + 1; ji{x) = x + 2. 

(iii) Flows. fo{x,t) = x.e~^* (specified by the differential equation x = —kx), 
and fi (specified by the equation x = K{h — x)). 

(iv) Strong readout h with following regions: hi(x) iff x < 5; h 2 (x) iff x = 5; 
hsi^x) iff 5 < a: < 10; h^^x) iff x = 10; h^i^x) iff x > 10. 

Remark. The i/o behavior of P is strongly retrospective, and the output-paths 
have bounded variability. 

The elementary transitions of the implicit transform of P ( see Sect. 2.3d) 
have the format: P{xo,jm • fn/hg • K, 6, a;i) or P(xq, fm • fn/hg • K, 6, a;i). 

4.5 Hybrid Automaton 

This is (essentially!) a circuit C {Plant, Controller) of specific transducers. We 
preserve notation C for the deterministic automaton specified by the circuit, i.e. 

C = Plant X Controller (*) 

Some comments are in order. 

Note that synchronous composition preserves finite variability {FV). 

Hence, C is a PP-automaton (see. Sect. 4.1) and it accepts (see Sect. 2.3b) a 
set (language) L of PP-paths. Here is the point where reliability considerations 
enter the play: is L the graph of a PP-retrooperator which fits the type of the 
circuit C? 

Look, for example, at the case when Controller and Plant are the transducers 
P and Con above (see 4.4b and 4.4c). Note, that they have a common alpha- 

dpf 

bet A = H[J JUMP U FLOW, and, of course, different state-spaces. In this 
particular case, C is outputless; hence, reliability (if any) would guarantee the 
existence and uniqueness of a PP-trajectory in the space Ax X. Otherwise, we 
would know only, that C is deterministic, i.e. for each A-path there cannot be 
more than one A-path. 

Reliability holds indeed, and that can be argued with the help of the following 
facts: 

(i) P is strong retrospective, and displays bounded variability of the output. 

(ii) The outputs of Con are sparse (see, sect. 4.1) w.r.t. J = {jo,ji}- 

Arguments of this kind underly some (sufficient) reliability conditions con- 
sidered in [PRT]. 

Even though we focus on two components, the extension to many Plants 
(Interfaces, Timers, etc.) and/or many controllers is straightforward. Note also, 
that duration independence of controllers is a more general feature than discrete- 
ness or finite memory. Indeed, in the continuous time setting, discrete automata 
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are modeled by jump-automata (see Sect. 4.2a), and each finite-state automaton 
is duration independent (see Sect. 4.3a). 

Timed Automata are a particular case of Hybrid Automata, whose Plants 
are different kinds of Timers. Actually, the seminal paper [AD], promoted ver- 
sions of AD— timer, which is not strongly retrospective. The consideration of 
P-timer is motivated by its properties (strong retrospection and bounded out- 
put latency), which support reliability. Note that the ’’classical” timed-automata 
were developed as accepting devices, and, hence were not committed to reliability 
requirements. 

Note also that if the controller is nondeterministic it is handled as an appro- 
priate 3-automaton. 

Below we list some popular examples of Hybrid Automata ([ACHP]) and 
point out their decomposition into components. 

Example A. Temperature Controller. 

The Plant: state space R, no jumps, decreasing flow fi and increasing flow /q. 
Controller: deterministic, with two states. 

Comment. Actually, our main example with Plant P and Controller Con is 
an adaptation of Example A, up to the following deliberate deviations from the 
[ACHP] text: 

(i) Jumps jo,ji added; 

(ii) The controller is represented by a detailed labeled transition system 
(Fig.6(ii)), which displays all the (relevant) elementary transitions. 

Example B. Water Level Monitor. 

Plant: state space i?^, jump{x,y) = (0, y), two flows. 

Controller: deterministic, with four states. 

Example C. Leaking Gas Burner. 

Plant: state space R^, jump{t,x,y) = (t,y), two flows. flowi{t' ,x,y){t) = {t' + 
t,x + t,y + t); flow 2 {t' , X, y) = (P, x + t,y + t) 

Controller: nondeterministic, with two states. 



4.6 Hybrid System 

This is a structure whose components are Hybrid Automata Hi, Hk, which 
are combined via different interaction combinators. 

Examples of Hybrid Systems ([ACHP]) 

Example D. MUTEX - the Mutual Exclusion Protocol. 

Allegation: Considered asynchronous shared — memory system consisting of 
two processes Pi, P 2 , which share variable k. The system modeled by the product 
of two hybrid systems presented in Fig. 4 of [ACHP] 

We handle MUTEX as the asynchronous web of two hybrid automata HAi 
and HA 2 , each of them being structured as Timerx Controller x Counter. Note 
that in this case the Plant is structured as the composition of two sub-plants. 
Timer and Counter. 
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Example E. Railroad Gate Control. 

This system consists of three components. The Controller Automaton and the 
Gate Automaton are hybrid automata. The Train Automaton is not; instead of 
manipulating explicit flows it refers only to “flow conditions” imposed on flows. 

5 Discussion 

We comment briefly on some papers and focus on the comparison with the 
conceptual/terminological/notational background presented in this paper. 

5.1 Versions of Synchrony and Asynchrony 

Here are two natural generalizations of Synchrony and Asynchrony, skipped in 
the main text. 

Synchrony w.r.t. a given consistency check [H]. Assume Mi with disjoint 
registers Qi, and with action-spaces V, W. The result of the operation is expected 
to be an automaton M with state-space Qi x Q2 and with some appropriate 
action-space Z. The consistency check is an associative partial function : 
V xW — > Z, which maps action-paths of the components into the action-space 
Z of the result. 

Whereas the original treatment of x relies on the specific consistency check 
{^(uiM07 M2U0) = U1U0U2, in the general case the definition is: 

M{qiq2,<^{v,w),q[q'2) iff Mi{qi,v,q[) k M2{q2,w,q2) 

Multifiring asynchrony. The definition of || assumes strong interleaving of 
the Ui (single firings). The generalization to “multifirings” is straightforward. 
It allows the simultaneous firing for arbitrary subsets of {Ui , }, whereas the 
empty subset is handled as idling ([AD]). 

Reduction of asynchrony to synchrony primitives is a known issue in concur- 
rency (see for example [Mi]). Here is one more version, 

Proposition 27. Let Mi, M2 be automata with disjoint registers. Then, for 
multifiring || and appropriate consistency check there holds 

Afi||i\T2 = Ml X M 2 



5.2 Networking 

Table 1 compares different concepts of networks and circuits according to the 
automata-oriented taxonomy. It is worthwhile to add some comments about the 
cases when the same term is qualified in different ways. 

About two versions of “Asynchronous Circuit”. These are indeed two 
different (even contradictory) entities. The model in [MPl] (unlike that from 
[DC]) does not fit the asynchrony criteria of our taxonomy, even though it reflects 




82 



B.A. Trakhtenbrot 



Table 1 



Author 


Term 


Architecture 


Components 


Input/output behavior 


1) Burks & Wright 
[BW] 


Logical Nets 


x-net (circuit) 


transducers 


Discrete time retro- 
spective operator 


2) Maler & Pnueli 
[MPl] 


Asynchronous 

Circuit 


x-net (circuit) 


3-transducers 


Continuous time 
3-retrooperators 


3) Dill &Clarke 
[DC] 


Asynchronous 

Circuit 


|-web 


deterministic automata 




4) Kahn 
[K] 


Dataflow 

Networks 


|-net (circuit) 


read/ wait automata 
which compute 
“sequential” 
stream functionals 


Discrete time stream 
operators 


5) Manna S-c Pnueli 
[MP2] 


Safe Petri 
Nets 


|-web 


deterministic automata 




6) Mazurkiewicz 
[Ma] 


Safe Petri 
Nets 


|-nets 


deterministic automata 




7) Control Theorists 
[A,S2] 


Hybrid 

Automaton 


x-net (circuit) 


transducers: Plant, 
Controller 


Discrete/continuous 
time retrooperator 



Remarks: 

2)-3) - the same term for different models 
5)-6) - different architectures for the same entity 



the intuition that synchrony means “precisely predictable amount of time” , while 
asynchrony means just the opposite. The “asynchrony” in [MPl] is supported by 
nondeterministic (asynchronous?) delay operators with lower bound I and upper 
bound u for the delay size (see the operator in their Def. 4). Moreover, a 
“circuit” (Def. 5) is presented as a system of inclusions (called there “equations”), 
whose components are delays and pointwise extensions of booleans. 

The following facts (not mentioned in [MPl]) may be easily checked: 

Fact 1. Each Z\;_u is a 3-retrooperator, and the system of inclusions is actually 
a synchronous circuit C of 3-retrooperators. 

Fact 2. This circuit C is feedback reliable, and defines a 3-retrooperator. 

Hence, the [MPl] -asynchrony raises questions which are best explained and 
solved in the setting of synchrony. 

About two versions of “Safe Petri Nets”. Both versions handle the same 
Petri graph, but they analyze it faithfully in two dual ways. 

(i) Decomposing Petri Nets as Webs. 

The corresponding components are illustrated in Figure 7. Each register has 
two possible values, empty (0) or full (1), and each port has two possible values, 
active (1) or idling (0). The transition 

active t t t t 

qiq2PiP2 — > qiq2PiP2 

is enabled iff qi = q2 = 1; Pi = P2 = 0; q[ = q '2 = O', and Pi = p '2 = 1. 
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<n Q2 




Fig. 7. A component of a Petri Net which is decomposed as a Web. 



(ii) Decomposing Petri Nets as Nets. 

Now the component is shown in Figure 8. The corresponding automaton has 



a b 




c d 



Fig. 8. A component of a Petri Net which is decomposed as a Net. 



the transitions q q' iff 

— <7 = 1 A g' = 0 A [a = & = 0] A [c = 1 d = 0]; or 

— <7 = 0 A q’ = I A [c=d = 0] A [a=l<tA6=0]. 

Paradoxically, the “Petri Web” version reflects the original token-game se- 
mantics, and, hence has historical priority. The later version was proposed by 
Mazurkiewicz for the sake of modularity. 
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5.3 Taxonomies in Five Monographs 

Table 2 presents a classification (mostly of programming paradigms!), which is 
compatible with the automata-oriented taxonomy. It exposes the terminological 
preferences of the authors, and what is more relevant, their preferred architec- 
tures. Note, that only [CM] and [Mi] cover synchronous nets. And this is exactly 
the main (almost unique) architecture in classical automata theory and, as we 
argue, for hybrid automata. 



Table 2 



Author 


X -nets 


|-nets 


X -webs 


|-webs 


1) Chandy Sz Misra 
[CM] 


Synchronous Parallel 

1) circuits 

2) systolic arrays 
Synchronous Processes 


Asynchronous Distributed 

1) message passing 

2) stream processing 
Asynchronous Processes 


Synchronous 

Shared 

variables 

(under 

write/read 

consistency) 


Asynchronous 

Shared 

variables 


2) Manna Sz Pnueli 
[MP2] 




Message Passing Text 




1) Transition 
Diagrams 

2) Shared 
Variable Text 


3) Francez 

[F] 




Distributed Programs 




Shared 

Variable 

Programs 


4) Apt & Olderog 
[AO] 




Distributed Programs 




Parallel 

Programs 


5) Milner 
[Mi] 


Synchrony 


Asynchrony 







Comments: 

1) “union” for pure jj 

2) a) Generic model: basic transition systems 

b) Petri Nets out of classification 

c) X out of classification 

3) a) “parallel” used as “generic” 

b) Sometimes: concurrent shared variables 

c) Interleaving “called” asynchronous computation 

4) “concurrent” used as “generic” 

5) Primitives distinct from shared variables 



Some observations about the basic models in [MP2] are in order. The generic 
model is, up to syntactical details, an automaton with structured alphabets (en- 
riched later with fairness conditions). Four concrete models of reactive systems 
(reactive programs) are considered: (i) Transition Diagrams, (ii) Shared Variable 
Text, (iii) Message-Passing Text, (iv) Petri Nets. 
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1. Up to syntax, models (i) and (ii) are essentially the same, namely - asyn- 
chronous webs. Model (iii) is an asynchronous net. 

2. Only asynchrony (||) composition is considered: shared variables for (i-ii) and 
disjoint variables for (iii). Synchrony not is covered. 

3. For Petri Nets the firing semantics is explained; hence, implicitly, the Petri 
Web architecture is assumed. 

5.4 Hybrids in [H] 

The conceptual/notational approach in [H] ( which may be consulted for further 

references) differs from ours in the following points: 

(i) No consideration of operators/transducers, feedback reliability. 

The alleged Hybrids specify sets of trajectories (i.e. languages, as opposed 
to input/output behavior specified by transducers), the challenge being to 
verify relevant properties of these languages. 

(ii) No explicit representation of a Hybrid Automaton as a pair of interacting 
components Q 

(iii) Use of instantaneous transitions. Unlike discrete time, when an execution of 
a transition is considered as an instantaneous event, for continuous time the 
duration aspects become more relevant. In ([AHH]), graphs in which both 
edges and nodes are labeled are used. The intended semantics is that edges 
represent instantaneous activities (jumps), whereas nodes represent lasting 
activities (flows). Remember, however, that , according to the axioms of 
automata, the only instantaneous transition is the identity. 

(iv) Inclusion of asynchrony in the basic model of Hybrid Automata. 

Some examples (Railroad Crossing, Mutex) handle what we called Hybrid 
Systems, i.e. synchronous or asynchronous composition of Hybrid Automata, 
but most of them (Temperature Controller, Water Level Monitor, Leaking 
Gas Burner etc.) can easily be analyzed in the synchronous model of Hybrid 
Automata. 

5.5 Graphical Representation of Hybrid Automata. 

Actually, a representation of this kind underlies the [H]-model of hybrid au- 
tomata (see quotations 6-7 in the introduction), in which the behaviors of the 

plant and of the controller are indi visibly coupled. From the perspective of the 

^ I learned recently that in [OD] Olderog and Dierks also advocate the explicit de- 
composition of timed automata (particular case of hybrid automata): 

Quotation 9. ...real-time system can be decomposed into an untimed system com- 
municating with suitable timers. Both synchronous and asynchronous communica- 
tions are considered... At first sight it seems that the decomposition. ..is already 
solved by the model of timed automata... However, the main difference... is that 
in the timed automata model the clock operations are indivisibly coupled with the 
transitions whereas here we present a clear separation of untimed system and timers 
with explicit communication between them. 
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circuit paradigm, the essence of this representation is that in the Labeled Tran- 
sition System of Controller the edges are decorated with relevant information 
about the semantics of Plant. Clearly, since Plant is a semantical object, this 
cannot be done in a systematic way, so we confine with the illustration w.r.t. 
our particular example. Namely, consider C = P x Con, and ask: what is the 
detailed structure of an (elementary!) transition 



C{loXo,u,liXi) (13) 

in C? 

Note first that the components have a common action-alphabet H[J JUMP 
\_)FLOW and different state spaces: X and Below, referring to P and 

Con we have, actually, in mind their implicit transforms. 

Clearly, (13) is the result of the simultaneous performing of an elementary 
transition of Con, say 

Con{lo,h2^h3/jiu fi,h) (14) 

and a companion elementary transition of P (see Sect. 4.4c), which must have 
the format 

P{xQ,ji»fi/h2»h3,6,xi) (15) 

Since the Controller is duration independent, no information about the duration 
5 was included in (14). However, the parameter 5 is crucial for the companion 
transition (15). Note also, that in (14) the symbols Ii 2 ,h 3 ,ji, fi are handled 
only as values in the corresponding space (alphabet) H{J JUMP\J FLOW, 
whereas in (15) they are (according to the concrete interpretation / of the P) 
names (codes) of, respectively, predicates, jumps and flows. Hence, below the 
corresponding constraints on the intended state-path x, which evolves in P. 
They reflect the essential difference between Con, which is equipped with a 
clear LTS'-syntax and P, whose only syntactical commitments are reflected in 
its signature. Here is the “constraining package,” which interprets Con in the 
semantical environment of P: 

(i) Values on the ends of the time interval: i(0) = xq Sz x(S) = xi 

(ii) Region constraint: i(0) € li 2 Sz x{t) G /13 for t G (0, 6) 

Hence: i(0) = 5 & 5 < x{t) < 10 for t G (0, i5) 

(iii) Flow-after-jump constraint: x{t) = fi{ji{x{0),t) for t G (0, <5) 

Hence, x{t) = /i(x(0) -I- 2, t) for t G (0, i5). 

According to [H] one might use (up to minor details) the following simplified 
notations: 

(i) The region constraint is replaced bya; = 5* 5<a;<10 

(ii) The flow-after-jump constraint is replaced by a; := a; -I- 2 • /i = ... 

Hence, the “Constraining Package” above may be disguised as a “transition” of 
C with the format 



Con{lo, x = 5*5 < X < 10/a; := a;-|-2* fi = ...,t'i) 



(16) 
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which is represented in Fig. 9(i). Actually, according to [H], instead of Fig. 9 
(i) would appear Fig. 9 (ii), which is the bilabeled version of Fig. 9 (i) (Consult 
Warning in Sect. 4.3b). 

Finally, remind that the [H]-hybrid automaton is an acceptor of state-paths 
x; hence no commitments to reliability issues. The operational semantics of Fig. 
9(ii) is as follows. Assume that 

(i) at time t the component Con is in state Iq; 

(ii) a; = 5 at time t, and up to (but not necessarily including) t + S there holds 
5 < a; < 10. 

Then C leaves location Ig at time t and, in the (right-closed!) life-time interval 
(t, t -l- <5], it can reside in li; moreover, in that interval, the evolving of x occurs 
according to flow /i after x = 5 -I- 2. 




Fig. 9. 



5.6 A View of Control Theorists 

It has been encouraging for the author to learn that in ([A,S2]) hybrids are indeed 
treated as synchronous circuits of appropriate transducers: plants, interfaces, 
controllers. 
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In order to interact with finite-memory controllers, the plants have to be 
equipped with discrete output. This seems to be a rather sophisticated part of the 
whole enterprise. For example, stabilization requires that the state-trajectories 
imposed by the controller converge to 0. How should this be achieved via finite 
input/output alphabets? In [A] this is actually done through the inclusion in 
the network of a very non-trivial interface. Inventing the interface, proving the 
reliability of the circuit (not to mention the very treatment of the differential 
equations) is in the full competence of control theorists, and beyond concepts 
and techniques of automata-theory and logic. 

In [A,S2] the controller is implemented as a timed automaton. According to 
our view, this means that, beyond the main Plant and the interface, other auxil- 
iary plants are also used (Timers, maybe something else). From this perspective 
the controller is again a finite (and hence - a duration-independent) automaton. 

Note also the difference: [A] uses (implicitly) finite-state controllers, whereas 
[S2] allows controllers with infinite state-space. This kind of infinity is compen- 
sated by the fact, that the transitions are defined via a piecewise-linear relation. 

About the fascination with automata terminology. Professionals who 
came from other fields readily develop finite-automata exercises into their prob- 
lems. 

Quoting Sontag [S2] : “Looking for an umbrella under which one can formulate 
mixed linear/switching mechanisms... Find consistent notations and terminology 
across various areas...” 

We should, however, be aware of the limitations of such exercises. The ex- 
pectations from the core results in Automata Theory seem to be exaggerated. 
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Abstract. Most semantic theories for process calculi presuppose that 
communication is synchronous; the sending and receiving processes 
must rendezvous for the communication to occur. However there is now 
considerable interest in process languages based on asynchronous com- 
munication, where the sender is not blocked but may transmit a message 
even in the absence of a waiting receiver. On the one hand this communi- 
cation paradigm is much easier to implement and consequently has been 
adopted by numerous recently developed process languages, |4|^ . On the 
other hand it has been argued in papers such as m that, at least for 
pi-calculus based theories, asynchrony is a more basic concept in terms 
of which theories of synchronous communication can be established. 
Despite this interest in asynchrony there has been little research into 
axiomatising process calculi based on this form of communication. In 
this talk I will survey existing results, such as those in |1J^, and discuss 
equational theories for synchronous versions of both value-passing CCS 
0 and the pi-calculus 0. 
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Abstract. It is proved that everywhere-dense Min 2SAT and every- 
where- dense Min Eq both have polynomial time approximation sche- 
mes. 



1 Introduction 

The approximability theory of dense instances of maximization problems such 
as Max Cut, Max 2SAT has had many recent successes, starting with (Q and 
|E]- (See PI for a recent review.) In it is proved in particular that the dense 
instances of any problem in Max SNP have a polynomial-time approximation 
scheme. In 0, it is proved that many of these problems can be approximated 
in constant time with an additive error en^ where n is the size of the input 
in a certain probe model (implying that the dense versions have constant-time 
approximation schemes) . 

The case of dense instances of minimization problems (or edge-deletion pro- 
blems) seems to be harder. The case of Bisection was settled in PJ. In this 
paper, we bring a further contribution to this case by proving that everywhere- 
dense Min 2SAT and everywhere-dense Min Eq both have polynomial-time 
approximation schemes. Our main tool is a constrained version of Bisection, 
which we call Paired Bisection: a pairing II of the vertices is given and we 
look only at the bisections which split each pair of vertices in 77. The key step 
in the proof is an L-reduction from Min Eq to Paired Bisection. Then we 
adapt the algorithm of Q for Bisection to Paired Bisection. This yields a 
polynomial-time approximation scheme for everywhere-dense Min Eq. A density 
preserving L-reduction from Min 2 SAT to Min Eq concludes the proof. 

2 Preliminaries 

We begin with some basic definitions. 

Approximability. Let us recall a few definitions about approximability. Given 
an instance x of an optimization problem A and a feasible solution y of x, we 
denote by m{x,y) the value of the solution y, and by optA{x) the value of an 
optimum solution of x. In this paper we consider mainly minimization problems. 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 91-^HI 1999. 
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The performance ratio of the solution y for an instance x of a minimization 
problem A is 



R{x,y) 



m{x,y) 
optA{x) ' 



For a constant c > 1, an algorithm is a c- approximation if for any instance 
x of the problem it returns a solution y such that R{x,y) < c. We say that 
an optimization problem is constant approximable if, for some c > 1, there 
exists a polynomial-time c-approximation for it. APX is the class of optimiza- 
tion problems that are constant approximable. An optimization problem has a 
polynomial-time approximation scheme (a ptas, for short) if, for every constant 
e > 0, there exists a polynomial-time (1 -I- e)-approximation for it. 



L-reduction. The notion of L-reduction was introduced by Papadimitriou and 
Yannakakis in 0. Let A and B be two optimization problems. Then A is said 
to be L-reducihle to B if there are two constants a, /3 > 0 such that 



1. there exists a function, computable in polynomial time, which transforms 
each instance x of A into an instance x' of B such that optsix') < a-opt^(x), 

2. there exists a function, computable in polynomial time, which transforms 
each solution y' of x' into a solution y of x such that \m{x,y) — optA{x)\ < 
fi- \m{x',y') - optB(x')\. 

For us the important property of this reduction is that it preserves ptas’s; that 
is, if A is L-reducible to B and B has a ptas then A has a ptas as well. 

Equivalence. Given n variables, an equivalence is an expression of the form 
li = Ij where h, Ij are literals. The equivalence li = Ij is true under an assignment 
A iff A gives the same truth value {true or false) to li and Ij. 

Graphs. As usual, we write G = {V{G),E{G)) for the undirected graph with 
vertex set V{G) and edge set E{G). The vertices are indexed by the integers 
1, ...,n = |V(G)|. For two vertices u and uv denotes the edge linking u to v. 
We denote by E{u) the set of neighbors of u. If S and T are two disjoint subsets 
of V{G), we denote by e{S,T) the number of edges linking S to T. 

Bisection. Let G = {V{G),E{G)) be an undirected graph with an even number 
of vertices. A bisection of G is a partition of vertex set V{G) in two equal size 
sets R and L. The value of the bisection is the number of edges between R and 
L. 



Paired Bisection. Let G = {V{G),E{G)) be a graph with \V\ = 2n and let a 
pairing II of Y(G) be fixed, II = {{mi,xi}, ..., {un,Vn}}, say, (with ^i<i<n{ui,Vi} 
= V{G)). We say that a bisection {R,L} of G is admissible with respect to 77, 
(admissible for short), iff it splits each pair {ui, Vi\, (i.e., for 7 = 1, . . . , n, either 
Ui € R and Vi € L or Vi € R and Ui € L). We call Paired Bisection the 
problem of minimizing the value of an admissible bisection where of course 77 is 
part of the data. (See the formal definition below.) 

Dense Instances. A graph with n vertices is S-dense if it has at least Sv? j2 
edges. It is everywhere-S -dense if the minimum degree is at least Sn. Similarly, a 
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2CNF formula or a set of equivalences on n variables is everywhere-S -dense if for 
each variable the total number of occurrences of the variable and its negation is 
at least Sn. A 2CNF formula (a set of equivalences) on n variables is 5-dense if 
the number of clauses (equivalences) is at least 5n^ . A set of instances is dense 
if there is a constant 5 > 0 such that it is ^-dense and a set of instances is 
everywhere-dense if there is a constant i5 > 0 such that it is everywhere-5-dense. 
So, everywhere-dense implies dense but the converse is not true. 

We now define the problems in question formally. 

Min 2 Sat 

Input: A 2CNF formula F. 

Solution: A truth assignment for the variables. 

Value: The number of clauses satisfied by the assignment. 

Min Eq 

Input: A set of equivalences. 

Solution: A truth assignment for the variables. 

Value: The number of equivalences satisfied by the assignment. 

Bisection 

Input: A graph G = {V{G),E{G)). 

Solution: A bisection of G. 

Value: The number of edges in the bisection. 

Paired Bisection 

Input: A graph (V{G), E{G)) with \V\ = 2n and a pairing 77 of V{G), 77 = 

Solution: A bisection of G which splits each pair {ui,Vi}. 

Value: The number of edges in the bisection. 

All these problems are minimization problems, i.e., a solution with value as 
small as possible is sought in each case. 

3 The Results 

Our main result is 

Theorem 1. Everywhere-dense Min 2Sat and everywhere-dense Min Eq both 
have ptas. 

In the course of proving Theorem^ we also obtain the next result, which has 
some interest in view of the fact that the approximability status of Bisection 
is wide open. 

Theorem 2. Paired Bisection is APX-hard. 
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Remark. It is easy to see that (simply) dense instances of Min 2Sat or Min Eq 
do not have a ptas \i P ^ NP. As far as we know, these are the only problems 
which are known to have a ptas in the everywhere-dense case but not in the 
dense case. 

The proof of Theorem Q occupies the rest of the paper. First, we give a den- 
sity preserving L-reduction from Min 2Sat to Min Eq (Lemma QJ. As already 
mentioned, the key step in the proof of Theorem C] is an L-reduction from Min 
Eq to Paired Bisection (Lemma EJ. The proof is then easily completed by 
adapting the ptas for everywhere-dense Bisection of [[j to obtain a ptas for 
everywhere-dense Paired Bisection. 

4 The Proofs 

Lemma 1. There is an L-reduction from Min 2 Sat to Min Eq. 

Proof. Let F be a set of clauses with at most two literals on n variables X\, . . . ,Xn- 
We construct a set of equivalences E as follows. We add a new variable y 
and we replace each clause li V Ij in F by the following set of equivalences: 
li = = ~'y- By inspection, one sees that if U V Ij is satisfied 

by some assignment, at most 2 of these 3 equivalences are true, so that the 
inequality opt{E) < 2opt{F) holds, showing that the first condition of the defi- 
nition of the L-reduction is satisfied. Now, suppose that we have a solution of 
E (an assignment A for the variables that appear in E). We can suppose that 
y = false in A since the complementary assignment satisfies the same number 
of equivalences. We consider the same assignment for the variables in F. Let B 
denote this second assignment. Now one sees that if li V Ij is satisfied by B then 
exactly 2 of the equivalences in E corresponding to k V Ij are satisfied, so that 
the values satisfy m{F,B) = m{E, A)/2, showing that the second condition of 
the definition of the L-reduction is also satisfied. 



Lemma 2. Min Eq and Paired Bisection are mutually L-reducible one to 
the other. 

Proof. Firstly we construct a L-reduction from Paired Bisection to Min Eq. 
Let G = (V{G),E{G)) be a graph and II = {{ui, r>i}, ..., {u„, Vn}} a pairing of 
V{G). For convenience, we consider that each pair in II is ordered. We can then 
represent a bisection (L,R) of G by a vector of n logical variables {a;i, ...,a:„} 
with the understanding that, if Xi = true then we put Ui in L and Vi in R and 
if Xi = false then we put Ui in R and Vi in L. 

Now, for each edge UiVj € E{G) we introduce the equivalence Xi = Xj. For 
each edge UiUj € E{G) or ViVj € E{G) we introduce the equivalence Xi = ~<Xj. 
Call E the set of all these equivalences. By inspection, one can see that an edge 
of G contributes to the bisection (L, R) exactly when the the corresponding 
equivalence holds. This implies clearly opt(E) = opt{G) and the L-reduction in 
one direction. 
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For the reduction in the other direction, we replace each equivalence Xi = ->Xj 
by the edges UiUj and ViVj and each equivalence Xi = Xj by the edges UiVj and 

ViUj. 

It is straightforward to check that the reductions of Lemma 3 and Lemma 4 
map an everywhere-dense set of instances into another everywhere-dense set of 
instances. 

Corollary 1. Paired Bisection is APX-hard. 

Proof. In |3j it is proved that the following problem is APX-hard: given a set of 
equivalences find an assignment that minimize the number of equivalences that 
we have to remove such that the new set of equivalences is satisfiable. There is 
a simple L-reduction between the above problem and Min EQ (we replace each 
equivalence ii = £j by £i = ^£j) that implies that Min EQ is APX-hard. The 
Lemma follows immediately from Lemma ^ 



Theorem 3. Everywhere-dense Paired Bisection has a ptas. 

As already mentioned, our ptas is a rather straightforward modification of 
the ptas of [Q for everywhere-dense Bisection. The main difference is the fact 
that in our case we don’t have to care of the “equal sides” condition which is 
implicit in the pairing 7T, and our algorithm is in fact simpler than that of [Q. 

Let the input be (G,7T) with 7T={{ui, ui}, ...,{u„, u„}} and G={V{G),E{G)). 
Let e be the allowed error and a = . As in we run two distinct algorithms 

and select the solution with the smallest value. The first algorithm gives a good 
solution for the instances whose minimum value is at least av? and the second 
for the instances whose minimum value is less than omf . 

1. First algorithm (Algorithm for the case of “large” bisection) 

Let yi indicate the side (0 for Left, 1 for Right) of the vertex Ui in the bisection 
(L,P). P use smooth polynomial integer programming for the instances with 
large optimum value. We just have to check that we can express the value of 
Paired Bisection as a degree 2 polynomial in the ?/i’s: 

aijViVi + X! 

where each \aij\ < c, \bi\ < cn, |d| < cn^ for some fixed constant c. We can use 
Paired Bisection = min E (2/^(1 -%) + %(! -2/0) 

UiVj£E{G) 

+ E [l-(2/*2/i + (l-2/*)(l-2/i))] 

UiUj £E{G) 

+ E [l-(22*2/i + (l-2/i)(l-2/i))] 

ViVj £E{G) 
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This program can be solved approximately in polynomial time by an algorithm 

ofQ. 

2. Second algorithm (Algorithm for the case of a “small” bisection) 

This second algorithm is again similar to that of IQ. However, it will be seen 
that important differences appear and we felt the need for a new (albeit sketched) 
correctness proof although this proofs relies heavily on p. Actually, the proof 
of correctness of the algorithm of for the case of small bisection relies on the 
property that one can assume that the vertices in one side of the bisection have 
no negative bias. (Lemma 5.1 in p. We define the bias of a vertex u as the 
difference between the number of edges it sends to his side in the bisection and 
the number of edges it sends to the other side.) There is apparently no analogue 
to this property in our case. Q use exhaustive sampling for the case of a “small” 
bisection. Here we sample the set of pairs II rather than the set of vertices. 
Actually, we will work with pairs all along the way. Let S be the set theoretical 
union of m = 0((logn)/J) pairs picked randomly from 77. We can assume by 
renaming that S = Vi}. 

Let (Lo,Ro) be an optimal admissible bisection of G and let Sl = S (1 
Lo, Sr = S r\Ro- Again by renaming, we can assume that Sr = {ui, ..., Um} and 
Sr = {v\, (Actually, the algorithm which does not know the partition 

{Sr, Sr), will be run for each of the 2™“^ admissible partitions of S.) 

As in P, the placement is done in two stages. In the first stage, pairs of 
vertices are placed on the basis of their links with S. (An important difference 
with the algorithm of P occurs here: in the algorithm of P, only “right” vertices 
are placed at this step.) In the second step, the remaining pairs are placed on the 
basis of their links with the vertices placed during the first step and with S. In 
the description below, we let L and R denote the current states of the left-hand 
side (resp. right-hand side) of the bisection constructed by the algorithm. Thus, 
we start with L = Sr, R = Sr. 

1. Let 

Ti = {i> m\ \r{ui)nSR\ + |r(z;i) < (|r(Mi) nS'il -i- |7”(ui) nS'_R|)/2} 

T 2 = {i> m: |7”(-«i) nS'il -I- |7”(z)i) n S'_r| < (|r(ui) n S'/?! -I- |r(ui) nS'L|)/2} 

For each i G Ti we put Ui in L and Vi in R. For each i G T 2 we put Ui in R 

and Vi in L. 

2. Let Li — Sr U (UigTi{ui}) U (UigTai^^z}) denote the set of vertices placed 

on the left side after the completion of stage 1, and similarly, let 7?i = 

Sr U (UigTi{fi}) U (UigTal^i}) denote the “right” vertices. 

Let J = {m + 1, ..., n}\{Ti U T 2 ). For each i G J 

(a) if \r{ui) n 77i| -I- \r{vi) n All < \r{ui) n Ai| -l- |7”(z)i) n 7?i| then we add 

Ui in L and Vi in 77; 

(b) otherwise we add Vi in L and Ui in R. 
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Let us sketch now a proof of correctness of the second algorithm, (algorithm 
for “small” bisection). We denote by opt{G) = opt{G, U) the value of an optimum 
admissible bisection of G. 

Lemma 3. With high probability, 

1. Ti contains each index i with the property that \r{ui) (Ti?o| + \r{vi) (TLo| < 
(|L(u,)nL„| + |r(u,)ni?„|)/4 

2. T 2 contains each index i with the property that \r{ui) (TLo| + \r{vi) (Ti?o| < 
(|L(u,)ni?o| + |L(u,)nLo|)/4 

Also with high probability, each pair in the set {{ui,Vi) : i € T^U T 2 } is placed 
as in the optimum solution. 

Proof. The proof is completely similar to that of Lemma 5.2 in Q and is omitted. 
We remark in passing that sample size 0{^flogn/S) suffices (instead of m = 
0((logn)/(5) used in P). 

Lemma 4. n - {m + |Ti| + IT 2 I) < 

Proof. The proof of this Lemma is again very similar to the proof of Lemma 5.3 
in P and is omitted. 

Lemma 5. If opt(G) < an^ then with high probability the ualue of the bisection 
giuen by algorithm 2 is at least (1 + e)opt{G) where e = . 

Proof. We need first some notations. Let U = Ui^j{ui,Vi} and let u = |J|. (U 
is the set of vertices which are placed during step 2.) Let Ul = U H L, Un = 
U R, Uff’* = C/ n Lo and = U C\ Rg. Let m{G,sol) denote the value 
of the bisection given by the algorithm, Let d{U) = e(f7i,C/fl) and dopt{U) = 
^ For each i G J, we define 

val{i) = \P{vi) n ill - \P{vi) n i?i| 

if the case (a) of stage 2 of the algorithm occurs for the index i, and 

val{i) = \P{ui) n Li| - \P{ui) n i?i| 

otherwise. We denote by di the number of edges of G with exactly one extremity 
in i?i . Let us check that we have 

m{G, sol) = di +^^val{i) + d{U). (1) 

ieJ 

Indeed, assume that case (a) occurs for the index i. (The treatment of case (b) 
is similar.) This means that Ui G L, Vi G R. Then, apart from edges linking Ul 
to Ur (which are separately counted), |T('i;i) fl Li \ new edges contribute to the 
bisection, and \P{vi) (T i?i| are to be subtracted, since they are counted in di 
and do not contribute to the bisection. 
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We see, using Lemma 0 that with high probability, the optimum value of an 
admissible bisection is 

opt(G) = di + E va,lopt{i) + dopt{U) 

ieJ 



where 

valopt{i) = |G(ui) n Li| - |r(z;i) n i?i| 

if Ui G and 

vaiopt{i) = \r{ui) n Li| - \r{ui) n Ri\ 

if Ui G . The bisection of U constructed in stage 2 minimizes '^i^j vul{i). 
We have thus 

- E UU^opt (^) ■ 

iGJ iGJ 

This implies, with (1) 



m{G, sol) < di + E 'cn^opt(^) T dopi(C/) dQpiiJJ) -t- diU) 

i€J 



= opt{G) - dopt{U) + d{U) < opt{G) + d{U) 

< opt{G) + < opt{G) + 

< opt{G) (l + 



using Lemma 8. 

The correctness follows now from our choice of a. 

5 Open Problems 

The major open problem is of course the approximability or inapproximability 
of Bisection. Can our approximation hardness theorem for Paired Bisection 
help? 

The true complexity of approximate Min 2SAT in the dense case is another 
interesting question. It is known that the case of “large” bisection can be done 
in constant time (see ^). Can overall constant time be achieved? 
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Abstract. We consider a first order timed logic that is an extension of 
the theory of real addition and scalar multiplications (by rational num- 
bers) by unary functions and predicates of time. The time is treated as 
non negative reals. This logic seems to be well adapted to a direct, full- 
scale specification of real-time systems. It also suffices to describe runs of 
timed algorithms that have as inputs functions of time. Thus it permits 
to embed the verification of timed systems in one easily understandable 
framework. But this logic is incomplete, and hence undecidable. To de- 
velop an algorithmic support for the verification problem one theoretical 
direction of research is to look for reasonable decidable classes of the ver- 
ification problem. In this paper we describe such classes modeling typical 
properties of practical systems such as dependence of behavior only on 
a small piece of history and periodicity. 



1 Introduction 

Requirements specifications of real-time systems involve various timed properties 
and timed constraints often containing arithmetical operations. Most formalisms 
used for the verification of real-time systems (e. g., temporal or duration logics 
IIKme0dlHa,n04IHen0slfi,ahhHl ) are rather limited (e. g. temporal logics do not 
have arithmetic operations) and can express the initial requirements specifica- 
tion neither directly nor completely. Usually they model some properties of the 
specification. However, these restricted formalisms are used as for them there are 
developed algorithms of verification (usually, of model checking) which computer 
implementation sometimes works. But limited modeling has two shortcomings: 
first, it does not cover the specification entirely, and second, it cannot justify 
that the modeling itself is correct. Another type of approaches to the verifica- 
tion is based on powerful logics like that of PVS Within this framework 

it is very hard to find reasonable decidable classes, not to speak about feasible 
ones, because of too abstract formalisms used. 

In the present paper we continue the study of First Order Timed Logic 
(FOTL) with explicit continuous time |Bb97blB!j97a| . A concrete FOTL is an 
extension of a decidable theory of reals (here we consider the theory of real ad- 
dition and scalar multiplications by rational numbers) by timed predicates and 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. lOO-^JUJ 1999. 

Springer- Verlag Berlin Heidelberg 1999 
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functions. For a large class of problems we can state the following properties of 
such a logic. First, it is sufficiently expressible from the user’s point of view to 
rewrite directly and entirely the requirements specification of the problem un- 
der consideration usually given in a natural language. For example, the property 
’’two x-events are never separated by exactly 1 time unit” can be directly rewrit- 
ten as the FOTL formula -<3tt' (x(t) Ax(t') A\t — t'\ = 1). Another example, the 
property ’’the average value of the clocks xi,...,x„ does not exceed d” can be 
directly rewritten as the formula Vt (xi(t) -I- ... -I- x„(t) < n ■ d) with t being 
a time variable. The presence of arithmetics permits to easily specify also such 
problems as clock synchronization that is impossible for commonly used tem- 
poral logics. For other examples see |HSt)7alHK0Hj . Second, FOTL permits to 
represent rather easily the set of runs of timed programs (e. g. the runs of Gure- 
vich Abstract State Machines or timed automata Third, we can 

describe decidable classes of the verification problem based on the fact that the 
underlying theory of reals is decidable. And we have in fact only one logic to 
consider as compared with numerous temporal logics. (The unifying framework 
for temporal logics or the version of Biichi’s second order monadic 






11 ^ 



logic for continuous time 
expressibility, though preserve the decidability.) 



neither give sufficient power of 



We look for decidable classes of the verification problem modeling some 
’’finiteness” properties of practical systems of control. The verification prob- 
lem can be treated as establishing the validity of some proposition {<P W), 

where 'P describes the requirements on functioning such as safety, dependabil- 
ity (liveness) and describes the environment (constraints on inputs, relations 
between functions external to the controller etc...) and the runs of the con- 
troller to verify. The ’’finiteness” properties are formulated in terms of formula 
interpretations and are called finite satisfiability and finite refutability. Finite 
satisfiability of a formula P says that every ’’finite piece” of any model of P is 
extendable to a ’’finitely definable” model of <P. Finite refutability says that if 
a formula is refutable, i. e. possesses a counter-model, the contradiction given 
by this counter-model is concentrated on a finite piece of a fixed size; and it 
must be so for every counter-model. The class of implications of our logic where 
the premise is finitely satisfiable and the conclusion is finitely refutable with a 
fixed complexity is decidable if the existence of the respective finitely definable 
counter-model is decidable. Thus, we have a decidable class of verification prob- 
lems of the mentioned form {P P), where P is finitely satisfiable and P is 
finitely refutable (with a fixed complexity). In the examples we looked at, the 
finite refutability of requirements of functioning, such as safety or dependabil- 
ity are easy to check. But on the whole to find interesting decidable sufficient 
conditions for this property remains an open problem. Concerning finite sat- 
isfiability, the situation is studied better, for example in jBS98IJ we show that 
formulas describing runs of reducible timed automata are finitely satisfiable, and 
that their reducibility is decidable. We consider a notion of finite satisfiability 
which concerns properties with the periodicity flavor. This notion is ultimate 
repetitiveness. Concatenations of ultimate repetitive models are also studied. 
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The structure of the paper is as follows. In section|2|we describe the FOTL we 
consider here. Section 0 contains the definitions of finiteness properties. In sec- 
tion 0 we prove that the existence of an ultimately repetitive model of a given 
complexity is decidable. This gives a decidable class of verification problems. 
Though the formalism under consideration is destined to analyze general type 
algorithms, e. g. Gurevich Abstract State Machines [Gur , we use as exam- 
ples timed automata to simplify the presentation and to compare our decidable 
classes with existing ones treated in the setting of temporal logics. 

2 First Order Timed Logic (FOTL) 

Syntax of FOTL. 

The vocabulary IF of a FOTL consists of a finite set of sorts, a finite set of func- 
tion symbols and a finite set of predicate symbols. To each sort there is attributed 
a set of variables. Some sorts are predefined, i. e. have fixed interpretations. Here 
the predefined sorts are the real numbers IR and time T=j^f ffi>o treated as a sub- 
sort of M. The other sorts are finite. One can use also boolean combinations of 
these sorts but here we will not do it. 

Some functions and predicates are also predefined. As predefined constants 
we take Bool for boolean values and Q for rational numbers. Addition -I-, sub- 
traction — and scalar multiplications of reals by rational numbers are predefined 
functions of the vocabulary. The predicates =, <, < over reals are predefined 
predicates of W. The vocabulary contains = for all types of objects, and the 
identity function id of the type T — *■ T to represent the current time. The 
part of the vocabulary concerning reals, rational and boolean constants will be 
sometimes called standard. 

Any abstraet function (i. e. without any a priori fixed interpretation) is of 
the type T x X R, and any abstract predicate is of the type T x X ^ Bool, 
where T is a direct product of finite sorts and R is an arbitrary sort. The sets of 
abstract functions and predicates are denoted respectively by Ypunct and Vpred] 
we set Ypunct U Vp^ed tl ■ 

A vocabulary W being fixed, the notion of term and that of formula over W 
are defined in a usual way. 

In this paper we consider a subclass of FOTL, that we will call FOTLq, 
where all the sorts are predefined, and all abstract functions and predicates are 
respectively of the types T ^ R and T ^ Bool. Notice that for a fixed interpre- 
tation of abstract sorts of a given FOTL (if not to care about complexity) any 
FOTL-formula can be replaced by an equivalent FOTLo-formula over another 
vocabulary (of larger cardinality in the general case). 

Example 1 (Vocabulary for Timed Automaton.) Before defining the se- 
mantics of our logic, we give a vocabulary IF 4 to describe total runs of a timed 
automaton A = {S, Smit, C, p, E). In this notation the set S' is a set of locations, 
and Sinit G S is the initial location. The set C is the set of clocks of A, p is 
a function which ascribes to each location s a guard p{s), the latter being a 
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formula constructed from atoms true, false, cun, where c S (7, n € N and 
u G {>,<,=}, with the help of A and V. And the set E is the set of edges of A 
which describe possible transitions. Each edge e G E is of the form {s,s',X,5), 
where s is the location of departure, s' is the location of arrival, A C C is the 
set of clocks to reset to 0, and (5 is a guard that must be satisfied in order to 
fire this transition. The clocks that are not reset to 0, continue to augment. For 
details see |AD94| . An example of timed automaton is shown on Figure ^ and 
will be commented later. 

The vocabulary contains, in addition to the standard part and id, the 
sort S consisting of elements of S, and the set C of abstract symbols constituted 
of symbols c for clocks, each one of the type T ^ T, and of symbol loc of the 
type T ^ S. The value eft) represents the value of the clock c at the moment t 
and locff) represents the location of the automaton at the moment t. 



Semantics of FOTLq. 

The admissible interpretations introduced below can be motivated by arguments 
related to hybrid systems (cf. jACHH93ITra,98j L As admissible interpretations 
of the closed formulas of our logic we consider functions and predicates that 
are piecewise finitely defined. For predicates this means that they are piecewise 
constant. Before giving a precise definition of admissible interpretations take 
as an example interpretations of function symbols describing runs of a timed 
automaton A. Each unary function symbol c will be interpreted as a piecewise 
linear function of time with coefficient one, i. e. c(t) = t — a for r G [t, t'), where 
t > a and [t, t') is an interval of the partition defining these linear pieces, and 
the function symbol loc will be interpreted as piecewise constant function. 

We assume that for every abstract function f of type T ^ R there is fixed 
a term U / with values of type R constructed only from constants, variables and 
predefined functions. The vocabulary of FOTLq does not give many possibilities 
to construct Uf. We will limit even these possibilities, in fact not essentially, and 
will consider the following types of terms: first, those of the form z with z being a 
variable for an abstract sort (representing abstract constants of the type R) if R 
is an abstract sort, and second, the terms of the form ^ot + ^io + z, where 
can be chosen from a finite set Sf C and t, a and z are real variables which 
role is fixed as follows: t is the time variable standing for the time argument, 
a is the left end of the interval on which we consider our function, and z is a 
real parameter. (We cannot make ^q and variables as adding the sort Q to 
our vocabulary destroys the decidabilities we wish to prove.) For a particular 
vocabulary we fix the sets Sf for abstract / of the type T ^ K. 

For a time interval f we denote by and respectively its left and right 
ends. 

We will write Uf also as Uf{t,a,^o,^i,z) to make explicit the parameters, 
the dummy or fixed parameters will be omitted. If a concrete value zq of z is 
given and some (Co,^i) G is chosen then for t G f the value f{t) will be 
defined as fft) = U f{t, , ^q, ^i, zq). For example, the interpretations of loc are 

defined by the term Uioc(z) = z, where z is a variable of type S. To say that an 
interpretation loc* of loc has the value Si on f, we say that on f the function loc 
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is defined by its term Uioc(z) for the value of the parameter 2 ; = and write 
loc* (t) = Uioc{si) = Si for t € C- An interpretation c* of a clock c which says that 
c has been reset to 0 at the moment to is defined to the right of to for example 
by the term Uc(t, (^~ , 1, 0, —to) = t — to until the next reset or until 00 . 

Define also Uid as t, Up{t) for P G Vpred as B, where is a Boolean variable, 
and thus, C// is attributed to every f GV. 

A partition of T is a sequence tt = (Ci)iglv empty disjoint intervals 

where: (1) iV is a prefix of N, (2) IJielvCi = (3) Ci*" = Ci+i for 0 < t < 

|A^| — 1, (4) = 0, = 00 if is finite and k is its last element. 

Consider an abstract f G V (its type is T ^ R). An interpretation /* of / is 
admissible if there exists a partition tt = (Ci)ig 7 v ^ function S : N Ef x R 
(if R is an abstract sort then Ef is useless and can be dropped off) such that 
f*{t) = U*j{t,C~ ,5{i)) for t G Ci and i G N. Such a partition tt is an admissible 
partition for the interpretation /* . 

Example 2 The pair of sequences 

TT = (([0, 1), [1, 3.7), [3.7, 00 )), (5 = (so,si,S 2 )) defines the piecewise in- 
terpretation of loc such that loc*[t) = = 5(0) = sq for t G [0,1), 

loc*{t) = fo’^ ^ ^ [1)3.7) and loc*(t) = Ui^^{d{2)) = S 2 for 

t G [3.7, 00 ). 

Now take Ec = {(1, —1), (1, 0)} for a clock c. The same tt and 
Sc = ((1, —1, 0), (1, —1, 0), (1, 0, —3.7)) give the following interpretation c* of c: 
Uc{t, 0, 1, -1, 0) = t for t G [0, 1), Uc{t, 1, 1, -1, 0) = t - 1 for t G [1, 3.7) and 
Uc{t, 3.7, 1, 0, —3.7) = t — 3.7 for t G [3.7, 00 ). This interpretation says that the 
clock is reset to 0 at the beginning of each interval of the partition. 

An (admissible) interpretation of fo is a set of admissible interpretations, one for 
each abstract element of V . Together with the interpretation of sorts this gives 
an interpretation of the entire vocabulary IT. As fo is finite we may assume that 
any its interpretation is defined by a common partition which is admissible for 
all these interpretations of functions and predicates. Such an interpretation can 
be described as (tt, (5/) f^v) or {(i, where tt = (Ci)ig]v ^ partition and 

Ei = ((Sf(i))ftcv) is a list S/(i) of parameters defining / on (i, i G N. We will 
call such a sequence {Q, an interpretation over the partition tt = (COiglv- 

Let V* be an interpretation of V. For any t G T we denote by V*{t) the 
vector composed by the values of functions and predicates oi V at t given by 
V* . Each such vector will be called a state over V or W. For t G Q we have 

V*{t) = (r(t))/6V = (C//(t,C-,5(*))/6y). 

The closed formulas of our logic are evaluated only over just defined admis- 
sible interpretations. The notations A4 \= F, A4 ^ F and \= F will respectively 
mean that the admissible interpretation A4 is a model of a formula F, is a 
counter-model of F and that F is valid, i. e. every admissible interpretation is a 
model of F. 

In this logic we can describe the runs of Gurevich Abstract State Machines 
or runs of timed automata jRS98| . 
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3 Finiteness Properties 

Finite partial interpretations (FPI). 

A (partial) interpretation element with support ( is pair of the form (^, A), 
where C is an arbitrary interval, and A is a list of values of parameters, each 
value defining an interpretation of an abstract symbol of V over 

A partial interpretation of F is a set of disjoint interpretation elements 
(Ci, / C N. Its support is the set IJ^ (i. A finite partial interpretation 

(FPI) of F is a partial interpretation with finite number of elements. A (total) 
interpretation with finite number of elements will be called finite interpretation. 
The complexity of a FPI is the number of its intervals, i. e. |/| . ”FPI of complexity 
fc” or ”/c-FPI” will mean that the complexity of the FPI is k. 

A fc-FPI which support is T and that together with the interpretation of 
sorts and predefined symbols constitutes a model of a formula G, will be called 
a k-model of G. 

A partial interpretation M' is an extension of a partial interpretation Ad 
if every interval of Ad is contained in an interval of Ad', and the restriction of 
functions of Ad' on intervals of Ad gives functions of Ad. 

We will define the finiteness properties in terms of FPI contained in models 
or counter-models Ad of the formulas under consideration. 

Finite Refutability and Finite Satisfiability. 

A formula G is finitely refutable with complexity k if for every counter-model Ad 
of G there is a fc-FPI Adi that is a restriction of Ad such that every extension 
of Adi remains a counter-model of G. 

Let C be a class of interpretations. Let a be a total computable function from 
N to complexity of interpretations that can be represented either by one or two 
natural numbers depending on the class under consideration. A formula G is 
C-satisfiable with augmentation a if for every /c-FPI Ad extendable to a model 
of G there is a model from C with complexity a{k) which is an extension of Ad. 

An interpretation Ad is ultimately repetitive of complexity K and of period h 
if it can be represented as {Q, where either |A^| = K, or 



A^ = N and V n > 0 



K-l 



'y ^ \f(nK+i) I — h 



i=0 



K-l 
i=0 

If |A^| = K then Ad is a finite interpretation of complexity k (this case was 
considered in |BS98j L 

Notice that if each 17/ is of the form z for an abstract z or of the form 
Uf{t, a, z) = f{t — a) + z then ultimately repetitive means ultimately pe- 

riodic. 

We denote by UTZ and T respectively the classes of ultimately repetitive and 
finite interpretations. Finite satisfiability means C-satisfiability for C = G7?., T . 
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Example 3 Consider n clocks Ci, 1 < i < n and 2 formulas S' and 'P, the 
first one describing the behavior of these clocks and the second one saying that 
infinitely often the average value of the clocks is 1: 

^=df (0<ti<<AVre Ci(r) = t - ti ) , 

<P=df- yt3t' > t = n. 

The conjunction F=j^j {<P /\'P) is f^7?,-satisfiable with augmentation 
a{k) = k{n + 2). Indeed, take any model M. of F, and let M\ be some restriction 
of complexity k. Let to be a time moment that lies to the right of the support of 
We can extend on [0,to) to a A:(n + 2)-FPI by suppressing for each clock 
all its resets to 0 between 2 consecutive connected components of Ad i except the 
last one and all its resets to 0 between the last connected component of Adi and 
to- Then we reset each clock to 0 at time moments to + 2fc for k G N, and thus, 
we get a model of F in the class UTZ of complexity a{k) if (1, —1) G for all 
z. It is clear that F is not iF-satisfiable whatever be the choice of the Sa- 

Remark 1 In |BSflR| we used more general notions of finite refutability and 
finite satisfiability where the involved models were considered up to some equiv- 
alence over states. The notions of this paper can be also extended in this way. 
In [BSfiRj we proved that the formula representing the runs of a reducible timed 
automata is A"-satisfiable, and the reducibility is decidable. A timed automaton 
is reducible with a threshold L if any its run having more than L changes of 
states can be replaced by an equivalent run having not more than L changes. 

Remark 2 Finite refutability of properties of functioning of real time sys- 
tems often takes place. E. g. safety and dependability (liveness) properties of 
the Generalized Railroad Crossing Problem (see Esnzi) are clearly finitely 
refutable. Concerning, say, the critical section problem the safety is always 
finitely refutable. As for liveness it is not the case unless we bound the wait- 
ing time of each process and suppose that the density of changes of functions 
and predicates is bounded. The latter hypotheses are justified from practical 
point of view. 

Remark 3 Intuitively finite satisfiability of an algorithm means that every its 
run is reducible in the following sense: every interval of the run can be replaced 
by a piece of bounded complexity with respect to the class C under considera- 
tion. Many control algorithms possess this property which is, in a way, a finite 
memory property (which holds for the controllers of the problems mentioned in 
the previous remark). 

4 Decidable Classes of the Verification Problem 

Remind that the satisfiability and validity of FOTLo-formulas are defined for 
fixed Uf. Denote by VERIF{C,k,a) the class of FOTLo-formulas of the form 
{(p F), where F is finitely refutable with complexity k and <P is C-satisfiable 

with augmentation a. 

The initial observation to describe the decidable classes is the following one: 
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Proposition 1 Let C be a class of interpretations. Suppose that the existence 
of a counter-model of a fixed complexity from C is decidable for closed FOTLq- 
formulas. Given k, the validity of formulas from VERIF{C,k,a) is decidable: 
such a formula has a counter-model iff it has a counter-model of complexity a{k) 
in C. 

Proof. A counter-model of an implication is a model of the premise and a 
counter-model of the conclusion. The conclusion <F is finitely refutable. Suppose 
there is a counter- model Ai of F — {<P <F). Take its /c-FPI restriction Ati 

which extensions are counter models of F. For this FPI there exists an extension 
in C which is a model of the premise L> with complexity a{k). It gives the desired 
counter-model of {<P ^ F). ■ 

V. Weispfenning’s Quantifier Elimination Theorem. 

In |Weihll| V. Weispfenning gives a quantifier elimination for theory L” with 
mixed variables, namely variables over reals and variables over integers. The 
vocabulary of L" consists of two just mentioned sorts: reals K and integers Z C IK, 
rational numbers Q as constants, (binary) addition, scalar (unary) multiplication 
by rational numbers, integer part [J, congruences =„ modulo concrete natural 
numbers n. We consider the vocabulary without congruences as the latter can 
be eliminated, see IWeihDI . The first part of the Corollary 3.4 of IWeihDI says 
that there is an algorithm assigning to a given L"-formula F a quantifier-free 
L"-formula that is equivalent to F. 

Existence of ultimately repetitive models. 

Remark that each abstract function of time with abstract values can be modeled 
by a finite number of predicates, and, hence, eliminated. Thus we assume that 
all abstract functions are of the type T — > IK. 

Let G be a closed FOTLo-formula and AT > 0 be a number limiting the 
complexity of ultimately repetitive models. We consider the difficult case whether 
there exists a model with non trivial repetitive part (the existence of a finite 
model was considered in ESHBI)- 

The atomic formulas of G are either of the form P{9{T)) or of the form 
9{T)uj9' {T') where T and T' are lists of real or time variables, 9{T) and 9'(T') 
are terms and uj is an arithmetic relation (=, <, <, . . .). Time variables can be 
trivially eliminated; thus we assume that there are only real variables. To simplify 
the atomic formulas containing abstract symbols we first apply the equivalences: 

P(0(T)) ^ VT(r = 0(r)^P(r)), 

9{T)oj9’{T’) ^ Vtt' ((r = 9{T) At' = 9’{T’)) tujt'). 

Every term 9{T) is either of the form Lp(rj(fr)), where is a unary function 
and rj{T) is a term, or of the form rji{Ti) -\- . . .-\-rim{Tm)^ where r]i{Ti) are terms, 
1 < z < m. Now using the equivalences 
T = (p{r){T)) ^ Vr'(r' = r]{T) ^ r = (p(r')), 

-r = m(Ti) + . . .+rimlTm) ^ Vr{ . . .Vr(„ (A™i r' = ijfTi) ^ r = r(-k. . .-kr^), 
all atomic formulas containing abstract symbols can be reduced to ones either 
of the form P(t), where P is a unary predicate and t is a variable, or of the form 
t = :p>(t), where is a unary function and t, r are variables. 



108 



D. Beauquier and A. Slissenko 



The fact that the set S'/ of parameters which appear in [// is fixed and finite 
for every f G V permits to express the existence of an ultimately repetitive 
model of complexity if of G as disjunction V/ev V({o Ci)eS/ existence of 

reals 0 = Og < < . . . < a'j^ and 0 = ag < oi < . . . < ax = h that define 

a partition of time, and lists of values defining the functions and predicates on 
the intervals of this partition. It suffices to consider only the latter existence of 
reals for fixed parameters (Coi'Ci) for each /. The lists of values are as follows. 
For each predicate P of G there exist lists I'p n - ■ ■ ,l'p k 1p,u ■ ■ ■ ,1p,k 
that define the values of P{t) respectively as 7 p^ on and as ypy on 

ak,i)=df [a'j^ + k ■ h + ai-i, a'j^ + k ■ h + ai) for /c G N and 1 < i < K . For 
each function / of G there exist A/ ^ , . . . , A/ p- and A/p , . . . , A /,p- such that f{t) is 
defined as C//(t, a' ^o, A/_^-) on ) and as G/(t, ^o, A/j) 

on xp O/,; 7 ^). 

Eliminate from G all the abstract symbols in the following way. Assume that 
all bounded variables of G are pairwise distinct (one can consider that G is in a 
prenex form). 

Replace every occurrence of each atomic formula of the form P{t) by 

A ( f G K-i.«D ^ l'p,i = 1 ) 

i 

A\/k l\{tG [ak,(i-i),ak,i) lP,i = 1 ) (1) 

i 

and every occurrence of each atomic formula of the form x = f(t) by 
A ( ^ G Ki_i,a') ^ x = G/(t,a'_i,^g,^i, A/p) ) 

i 

A V A; ^ G 1) 5 Otk^i) ^ X = t//(t, OCk^(i— 1) j 5 A/p) ) (2) 

i 

Denote by G the formula obtained from G after these transformations. Denote 
by R the formula which is a conjunction of inequalities Q = a ^ < ... < a'p- 

and 0 = og < Qfi < . . . < ax = h, and of the disjunctions (yp^ = 0 V 7 p ^ = 1) 
and (ypp = 0 V ypp = 1) for all i and P. Denote by 77 the list of all variables 
o', a^, jp^i, 7 pp, A/p, A/p except h. 

Denote by Gg the formula 3 73 77 Gg, where Go=d/ (7? A G). 

Proposition 2 A formula G has an ultimately repetitive model of complexity 
K AA ^ Gg. 

The formula Gg is not a L"-formula as it contains mixed binary multiplica- 
tions in atoms of the form tuj{k ■ h + z\ + Z 2 ), where oj G {<, <, >, >}, t and 
z are variables for reals, 7 is a variable mentioned above and 7 is a variable 
for integers. All the other atoms are of the form ai • zi 3- . . . 3- a„ • z„wc with 
Oi, c G Q and Zi being real variables. Divide the both types of inequalities by 7. 
Underline that 7 > 0 and is common for the whole formula. The bijection z 
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preserves the order relations and commutes with the operations over reals. Re- 
placing expressions where z is a variable, by new variables we get a formula 
G\=j,f3h3 n G\, that is valid iff Go is valid and such that all atoms of Gi are 
of the form toj{k + z\ + Z 2 ) and ai ■ zi + . . . + an ■ where c is a concrete 

rational number. Now separate ^ from this formula introducing new variables 
Xc, one for each constant term. Formula Gi is equivalent to the formula 

G2=df3h3xc{ f\xc= ^ A G 2 ) , 

C 

where Xc is a list of variables Xc for all constant terms c, and G 2 is an L"-formula 
not containing h (remark that a more natural way is to use universal quantifiers 
over Xc but here one can use the existential ones). Now eliminate quantifiers in 
G 2 by Weispfenning’s elimination. We get a formula 

Gs=dj 3h3xc{ /\xc = ^ A G 3 ) , 

C 



where G 3 is quantifier free. Replacing back Xc by we get an equivalent formula 

G4=dj 3 h Gi, 

with Gi having as atoms inequalities of the form 



E 



di 



- h 



bih Ci\ ~ 3~ Bh G to 0, 



( 3 ) 



where all the letters different from h stand for concrete rational numbers. Thus 
the initial decidability problem is reduced to the existence of a solution of a 
system of inequalities of the form 021) with one real unknown h. One can prove 
that the latter problem is decidable. Hence, 



Theorem 1 The existence of an ultimately repetitive model (or counter-model) 
of a given complexity is decidable for closed FOTLq- formulas. 



Chains of Repetitive Interpretations. 

We say that an interpretation is a chain of ultimately repetitive interpretations 
of complexity {K, M) if it is a concatenation of at most (M — 1) prefixes of 
repetitive interpretations and of one (infinite) ultimately repetitive interpreta- 
tion, each of complexity K. Sure, such a concatenation demands an appropriate 
time translation. We denote the class of chains of ultimately (quasi)-repetitive 
interpretations by UTZ* . 

Two other notations: UTZ*{K,M,II) is the set of interpretations of UTZ* 
with complexity {K, M) and with all period lengths in a set 7T C Q; UTZ* (7T) 
is the set IJic m U{Q)TZ* {K , M , U) . 

Proposition 3 Given a finite set of period lengths U and natural numbers 
K, M the existence of a ( counter-) model from UTZ* {K, M, II) is decidable for 
FOTLq - formulas. 
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Together with Proposition Q] it gives 

Theorem 2 Given a k, a and a finite set II G Q, the validity of formulas 
from VERIF{C,k,a) is decidable for C = UTZ,UTZ*{II). 

The complexity of the decision procedure is determined by the complexity of 
Weispfenning’s Quantifier Elimination and by the complexity of our reductions. 

The complexity of Weispfenning’s Quantifier Elimination is 2 , where I is 

the length of the formula (presumed to be in a prenex form), n is the number of 
variables and a is the number of blocks of alternating quantifiers. Our reductions 
add 0{a{k)\V\) variables and (together with transforming the formula into a 
prenex form) augment the size of the initial formula exponentially in the general 
case. 

Example 4 (f^7?.*-satisfiable but not Z^7?.-satisfiable formula.) 

Consider the set of runs of the automaton on Figure ^ It is described by some 




Fig. 1. An automaton with runs being chains of repetitive interpretations. 



formula, but we will speak about the set. This set of runs is not f^7?.-satisfiable. 
Suppose that it is f^7?.-satisfiable with augmentation a, and a(l) = Nq. Take a 
model Ad such that at moment tg = IVq + ^ we have loc{to) = si, x(to) = ^ and 
y(to) = 0. The 1-FPI with support to can be extended to a model, but any such 
extension has complexity at least JVq + 1 whatever be the choice of and Sy. 

In a similar way one can prove that the set of runs is UTZ*{{1, 2})-satisfiable. 
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Abstract. We present a type-theoretic encoding of extensible objects 
and types. The ambient theory is a higher-order A-calculus with poly- 
morphic types, recursive types and operators, and subtyping. Using this 
theory, we give a type preserving and computationally adequate transla- 
tion of a full-fledged object calculus that includes object extension and 
override. The translation specializes to calculi of nonextensible objects 
and validates the expected subtyping relationships. 



1 Introduction 

The attempt to reduce object-oriented programming to procedural or functional 
programming is motivated by the desire to give sound and formal foundations 
to object-oriented languages and their specific constructs and techniques. The 
research in this area initiated with Cook’s work [Coo87,Coo89] on the generator 
model, and Kamin’s self- application semantics [Kam88]. Refined formulations of 
the generator model were later proposed by Bruce [Bru94] to give interpreta- 
tions of class-based object calculi. A number of encodings for object-based calculi 
have then been formulated by Pierce and Turner [PT94], Abadi, Cardelli and 
Viswanathan [AC96,ACV96,Vis98], Bruce, Pierce and Cardelli [BCP97], and by 
Crary [Cra98]. These interpretations apply to a rich variety of object calculi with 
primitives of object formation, message send and (functional) method override: 
they succeed in validating the operational semantics of these calculi as well as 
the expected subtyping relations. 

None of these proposals, however, scales to calculi of extensible objects, where 
primitives are provided for modifying the size of an object with the addition 
of new methods. Method addition poses two major problems: the hrst is the 
need for MyType polymorphic typing of methods, to allow method types to be 
specialized when methods are inherited; the second arises from the combination 
of subtyping and object extension [FM95]. 

The interpretation we present in this paper addresses both these problems. 
Our source calculus features extensible objects in the spirit of the Lambda Cal- 
culus of Objects [FHM94] and snbsequent calculi [FM95,BL95,BB98]. MyType 
polymorphism is rendered via motc/i-bounded polymorphism, as in the system 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 112-123, 1999. 
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we developed in [BB98] . Subtyping, is accounted for by distinguishing extensible 
from nonextensible objects as suggested by Fisher and Mitchell in [FM95]. 

As in other papers on encodings, our interpretation is a translation of the 
source object calculus into a polymorphic A-calculus with recursive types and 
(higher-order) subtyping. In the encoding, extensible objects are represented as 
recursive records that include “selectable” methods, “method updaters” invoked 
upon override, as well as “method generators” that reinstall selectable methods 
upon extension. The contributions of our approach can be summarized as follows. 

Firstly, it constitutes the first^ interpretation of extensible objects into a fully 
formal functional calculus. The interpretation is faithful to the source calculus, 
as it is computationally adequate and validates the typing of terms. 

Secondly, the translation specializes to the case of nonextensible objects, val- 
idating the expected subtypings: although we focus on one particular calculus - 
specihcally, on one approach to combining object extension with subtyping - the 
translation is general enough to capture other notions of subtyping over object 
types (notably, the notions of covariant and invariant subtyping of [AC96]). 

The rest of the paper is organized as follows. In Sections 2 and 3 we review 
the object and functional calculi used in the translation. In Sections 4 and 5 we 
describe the translation of extensible objects. In Section 6 we discuss the inter- 
pretation of nonextensible objects and various forms of subtyping relationships. 
In Section 7 we discuss related work and some final remarks. 

2 Extensible Objects and Types 

The source calculus of our translation, called Db+, is essentially a typed version of 
the Lambda Calculus of Objects of [FHM94] . There are two differences from the 
original proposal of [FHM94]: (i) the syntax of 0b+ is typed, and (ii) methods 
are ^-abstractions instead of the A-abstractions of [FHM94]. The typed syntax 
is useful in the translation, as it ensures that well-typed objects have unique 
types. The choice of <r-binders makes the syntax of Db+ a proper extension of the 
the typed c-calculus of [AC96] , and thus it facilitates comparisons with previous 
translations in the literature. 

Types and Terms. An object type has the form pro(X)((mi:i3i{X}*^^^ '”^): it de- 
notes the collection of objects with methods that, when invoked, 

return values of types B\, , Bn, respectively, with every free occurrence of X 
substituted by the pro-type itself. Types include type variables, denoted by X, 
U, .... The syntax of terms is defined by the following productions: 

a,b::=x, variable 

<j{V,A){mi = c(a; : object (mi distinct) 

a < — I- m=^(U, A)c(a; : U)6 object extension 

A)(;{x : U)6 method override 

a <= m method invocation 



^ But see [BDZ99] in these proceedings, for a similar approach. 
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An object is a collection of labelled methods: each method has a bound variable 
that represents self, and a body. In the above productions, the type A is the type 
of the object, and the type variable U is MyType, the type of self. This format 
of terms is inspired by [Rem97] and [Liq97]. Unlike those proposals, however, 
we use two operators for overriding and extension: this choice is well motivated, 
as the two operations are distinguished by our interpretation. The construct for 
extension allows the addition of a single method: a simple generalization of the 
syntax (and of the typing rules) would allow multiple simultaneous additions. 
The relation of top-level reduction (cf. App. A) extends the reduction relation of 
[AC96] , with a clause for method additions (this clause simplifies the correspond- 
ing clause used in [Rem97]). The reflexive and transitive congruence generated 

by reduction is denoted by results are terms in object form (cf. App. A). 
We say that a closed term a converges - written a ]}-obj - if there exists a result 

V such that a v. 

Type System. The type system of Db+ relies on the same form of (implicit) match- 
bounded polymorphism we studied in [BB98] for the Lambda Calculus of Objects 
[FHM94] . The typing rules (cf. App A) generalize the corresponding typing rules 
of [AC96] for nonextensible objects. (Val Extend) requires the object a being 
extended to be a pro-type: method addition is thus typed with exact knowledge 
of the type of a. (Val Send) and (Val Override), instead, are both struetural, 
in the sense of [ACV96]. In both rules, the type A may either unknown (i.e. a 
type variable), or a pro-type. When A is a pro-type, the operation (invocation 
or override) is external, when it is a type variable, the operation is self-inflicted-. 
in both cases. A, (hence the object a), is required to have a method m with type 
B. In (Val Override), the typing of the method ensures that the new body has 
the same type as the original method: the bound for the type variable U, denoted 
by r{A), is either A, if A is a pro-type, or the current bound for A declared in 
the context T. 

3 The Functional Calculus 

The target calculus of the translation is a variant of the omega-order poly- 

morphic A-calculus Ff.. with (higher-order) subtyping, extended with recursive 
types and operators, recursive functions and records, and local definitions. Types 
and type operators are collectively called constructors. A type operator is a func- 
tion from types to types. The notation A :: IK indicates that the constructor A 
has kind 3C, where 3C is either T, the kind of types, or IK ^ IK, the kind of type 
operators. The typing rules are standard (see [AC96], Chap. 20). The following 
notation is used throughout: Op stands for the kind T T; A < B denotes 
subtyping over type operators; if A is a constructor of kind Op, A* denotes the 
fixed point /r(X)A(X) of A; dually, for A :: T = y:i(X)B(X), is the type opera- 
tor A(X)B(X) :: Op corresponding to A. The syntax of types and terms, and the 

reduction rules for are standard (cf. App. B). Evaluation, denoted by 
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is the transitive and reflexive congruence generated by reduction; results include 
A-abstractions and records. We say that a closed term a converges - written 
a ii-fun u - if there exists a result v such that a v. 

4 Overview of the Translation 

Looking at the typing rules of Qb+, we may identify two distinguished views 
of methods: the internal view, in which methods are concrete values, and the 
external view where methods may be seen as “abstract services” that can be 
accessed via message sends. The polymorphic typing of methods reflects the 
internal view, while the external view is provided by the types of methods in the 
object types. Based on this observation, our translation splits methods into two 
parts, in ways similar to, but different from, the translation of [ACV96]. Each 
method rui is represented by two components: associated with the actual 

method body, and which is selected by a message send. 

Given A = pro(X)((mi : the components are collected in 

the abstract interface associated with A, which is represented by the type opera- 
tor A'” = A(X)[m®®^ : Bi{X}]*^[^ -”l (here, and below, is the translation of Bi). 
The type A, instead, is represented as the recursive record type A = : 

V(U < A™)U*^Bi{U*}, mf®* : B^ {X}]®^[^- "1. Note that the polymorphic compo- 
nents are exposed in the type, as they will be needed in the interpretation of 
object extension. The translation of objects parallels this interpretation of object 
types. Letting A°'’ = A(X)[mf'^ : V(U < A'”)U*^B,{U*}, mf®' : Bi{X}]*^[i-"l, 
the translation of an object <^(X,A)(mi = <;(x : is the recursive 

record satisfying the equation a = = 4(U < A™)A(x : U*) [[&i] = 

a.mf°*^(A°'’)(a)]*^[^- ”l, where |6i]] is the translation of the body bi. Method 
bodies, labelled by the mf°^*^’s, are represented as polymorphic functions of the 
self parameter, whose type is U*, the fixed point of the type operator U. The 
constraint U < A'” ensures that U* contains all the mf®^’s, thus allowing each 
method to invoke its sibling methods via self. The mf®* components, in turn, are 
formed by self-application: method invocation for each mi may then safely be 
interpreted as record selection on 

Method Override. Method override is accounted for by extending the interpreta- 
tion of objects with a collection of updaters, as in [ACV96]. In the new transla- 
tion, each method is split in three parts, introducing the updater The 

function of the updater is to take the method body supplied in the override and 
return a new object with the new body installed in place of the original: overrid- 
ing mi is thus translated by a simple call to mf^^. The typing of updaters requires 
a different, and more complex definition of the abstract interface. The problem 
arises from self-inflicted overrides: if a self-inflicted override is to be translated 
as a call to the updater, the updater itself must be exposed in the interface 
A™ used in the type of the polymorphic components. But then, since the poly- 
morphic components and the updaters must be typed consistently, the updaters 
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must be exposed in the interface A™ used in the type of the updaters themselves. 
This leads to a definition of the interface as the type operator that satisfies the 
equation A'” = A(X)[m7‘* : (V(U < A™)U*^Bi{U*})^X, mf' : B*{X}]. 



5 The Translation, Formally 



The translation is given parametrically on contexts. Parameterization on con- 
texts is required to ensure a well-defined translation of type variables. 



Table 1: Translation of Types 



A = pro(X)(mi : Bi{X}>*e[l ■■"] 
ir',x^yi,r">x]™ = X 

|r>A]™ = /.(Y)A(X)[m7'^:(V(U<Y)U*^Ir,X>Bi{X}]TY{x:=U*})^X, 

mf* : lr,Xc>Bi{X}]TV]ie[l..nl) 

ir',x<#A,r">x]°p = X 

lr>A]°P = A(X)[ ext : V(U< [r>A]™)U*^U* 

^poly .V(u< ir>Ai™)u*^ir,x>Bi{x}]TY{x:=u*}, 

. (Y(u< |rt>A]'”)u*^[r,x>Bi{x}]T'’{x:=u*})^x, 

|r',x,r">x]'^’^ = X 

ir',x^A,r"i>xpY ^ X* 

ir>A]Tv A ext : V(U < [r>A]™)u*^u* 

^poiy . ^ |r> A] ™)u*^ [r,x> Si{x}F^{x:=u*}, 

m^pd . [rc>A]™)u*^ir,x>Bi{x}pY{x:=u*})^x, 



The translation of types is by structural induction. As in [AC95] , the treatment of 
object types depends on the context where they are used: in certain contexts they 
are interpreted as type operators, while in other contexts they are interpreted as 
types. From the translation of contexts and judgments (cf. Table 3), we see that 
[ • ]] ™ and [[ • ]] ^'’ are used, respectively, in typing statements of the form a : A, 
and matching statements of the form A<^ B. The translation | is used in 
the translation of terms in Table 2 below, which also explains the presence of 
the ext field in |-]]'^^ and 

For the translation of terms, we first introduce a recursive function that forms 
the (recursive fold of) the record with the and components, 

together with the ext field needed to encode object extension. There is one such 
function for each type object type A. 
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letrec mfco6jA(/i : V(U < [ T l> A] : [n>Ap'^ = 

let SELF : [ _T l> A ] = mkobjA{fi) ■ ■ • (/«) in 

fold([^>Ar^ 

[ea;f = yl(U < [_ri>yl]™)A(2; : U*)a; 

mr'" = fi, 

w-r'* = \{g : V(u < [r> A]™)U*^Bi{U*})mA;o6jA(/i) ...(g)... {/„), 
mr* = unfold(SELF).mf°*^( [ T > °'’)(SELF)]*^f^-'"i) 

where A = pro(X)(mi : , and B; {U*} = [ -T, X > Bi{X} | '‘^’^{X;=U*}. 

Table 2: Translation of Terms 



lri> ^(U, d)(mi = <;{x : U)foi}*s[l--"1 J = 
mkobjA{A{U< [r>A]™)A(s : U*) [r,U<#d,s : U > 6i ] 
where A = pro(X)(mi : ••"] 

[r> m„+i = ^(U, d+)i;(a: : U)6] = 
a.ext {{r> A\°^) {mkobjj^+{a.miP°''y) ■ ■ ■ {a.mnP°^y) (d(U < lr>d+]™)6)) 
where A = pro(X)(mi : Bi{X}}*^h -"l^ = pro(X)(mi : _Bi{X}}®^d -"+l]^ 

a= IT^a], and f) = A(a::U*) I _r, U<^ A+j x:U t> 6] 

[_r > m = ^(U, A)<f(x : U)fe] = 

unfold(lri>a]).m“P'*(A(U< [T > r(A) J ™)A(x : U*) [ T, r(A), a;:U > fe] ) 
[-r>a<S=m] = unfold( |_T|> a] 



In the clause for object formation, the typing of the mf®* components requires 
the relation |7^i>Al]]°'’<: |[J^>Al]™, which is derived by first unrolling the 
hxed-point, and then applying the rules for constructor subtyping. 

A method addition forms a new object by applying mkobjA+ (A+ is the 
type of the extended object) to the (translation of) the method bodies of the 
original object a, and to the newly added method. Selecting the ext field from 
a, - the object being extended - guarantees that a is evaluated prior to the 
extension: this is required for computational adequacy as the reduction rules of 
Db+ do require a to be in object form prior to reducing a method addition. The 
call to mkobjA+ is well typed, as every : V(U < A™)U*^Bi{U*} may be 

given, by subsumption, the type V(U < (A+)™)U*^Bi{U*}, using [A > A+ ] '” < 
[[ A > AJ ™, which holds as [[ Ai> A]] ™ is covariant in the bound variable Y. 

The translation of method invocation and override on a method m are trans- 
lated by a call to the corresponding components, or In both cases, a 

recursive unfold is required prior to accessing the desired component. 

The translation of contexts and judgments is obtained directly from the trans- 
lation of types and terms. 

Table 3: Translation of Contexts and Judgments 



irh*} = IT] ho [rhA<#B] = iri h ir>Ai™< 

irhA] = iri h ir>Ar^ irha:A] = irj h ir>ai : [r>Arv 
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We note that the translation of a judgment does not depend on its derivation in 
Db+: as in [ACV96], we can thus avoid coherence issues in our proofs. 

Theorem 1 (Validation of Typing). If F \- a is derivable in Db+, then: 

\r is derivable in 

2. if a b, then | T > a ] [Abb] . 

Theorem 2 (Computational Adequacy). Let a be an Db+ term such that 
0 h a : A is derivable in Db+. Then a ]}-obj if and only if [[0 > a] 

6 Subtyping and Nonextensible Objects 

The combination of object extension with subtyping has been studied from two 
orthogonal points of view in the literature: either limit subtyping in the presence 
of object extension, or distinguish extensible from nonextensible objects and 
disallow subtyping on the former while allowing it on the latter. Below, we focus 
on the second approach, deferring a discussion on the first to the full paper. 

The idea of distinguishing between extensible and nonextensible objects was 
first proposed by Fisher and Mitchell in [FM95], to which the reader is referred 
to for details. Below, instead, we show that this idea allows different subtype 
relations to be formalized uniformly within the same framework. 

Nonextensible objects are accounted for in Db+ by introducing new types, 
contexts, and judgments as in the system Ob^. (cf. Appendix A). 

Table 4: Translation for Obji.. 



Types and Contexts Judgments 

ir,'xcA,r">x]TY ^ X [ri-AcB] = [r] h ir>A]TY<: 

ir,x<:A] = iri.xc 



A further clause handles the translation of nonextensible object types: the format 
of this clause depends on how these types and the corresponding subtyping 
relation are defined. Below, we illustrate two cases. 

Covariant Subtyping a la Fisher & Mitchell’95. The new types have the form 
obj (X)((mi:i3i{X}))*^[^""l, and their reading is similar to that of the pro-types 
of Section 2: unlike pro-typed objects, however, obj -typed objects may not be 
modified or extended from the outside, pro and obj types are ordered by sub- 
typing, as established by the rule (Sub probj FM95) (in Appendix). Informally, 
pro-types may only be promoted to obj -types, not to other pro-types: hence 
only reflexive subtyping is available for pro-type, as required for the sound- 
ness of method addition and override. This subtyping rule allows subtyping 
both in width and depth: since elements of obj -types may not be overridden 
or extended, this powerful form of subtyping is sound. We note that the covari- 
ance condition T, Y, X<:Y h i?i{X} <: i?'{Y} is required also for the subtyping 
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pro(X)((mi:i3i{X}))*^[^--"l <: obj (Y)((mi:i3i{Y}))*^[^ -"l: as discussed in [FM95] co- 
variance is crucial for subject-reduction: our translation, given below, explains 
why it is generally required for soundness. 

Translation for obj types. 

lr>obj(X)(mi : ]TY = ^(x)[mf* : [T, X > Si{X} ] TV]ie[l..n] 



The translation (which coincides with the standard recursive-record encod- 
ing) explains why obj -typed objects may not be extended or overridden: this is 
easily seen once we note that their type hides the polymorphic methods and 
the updaters. Self-inflicted updates, instead, are still allowed, as in [FM95]. 
This also explains why subtyping between pro and obj types is only allowed 
to covariant occurrences of the recursion variable. To exemplify, consider a term 
d : |pro(ai)(m : X^B)]]'^’^, and assume that we allow ei to be viewed as an 
element of |obj(a;)((m : X^S) Now, given 62 : [[obj(a;)(m : X^i?) the 
interpretation of ei -f= m{e 2 ) is not sound, as the code of m in e\ could use a 
self-inflicted update that is not available in the code for m in 62 (consider that 
62 may not have the polymorphic methods available in ei). 

Theorems (Validation of Fisher- Mitchell Subtyping). If F\- A<\B is 
derivable in Dbjt., (using (Sub probj FM95j for object subtyping) then the judg- 
ment |r] h ir > <: IF > is derivable in'F^^.^. 

Invariant Subtyping for Covariant Self Types a la Abadi & Cardelli’96. Covari- 
ant Self Types, denoted here by the type expression objAc(X)((mi : i?i{X})*^[^ -”l 
are described in [AC96] (cf. Chaps. 15, 16). They share several features with the 
obj -types of [FM95], notably the fact that both describe collections of nonex- 
tensible objects. However, they have important specificities: (i) method override 
is a legal operation on elements of objic types, and {ii) subtyping over objAc 
types is only allowed in width, and defined by the rule (Sub probj AC96) (cf. 
Appendix). A translation that validates that rule is given below: 

Translation of objAc Types 

Let A = objAc(X)(mj : , and let be defined as in Table 1. 

|r>Tpv ^ ;,(x)[m7'^:(V(U< [ T c> A] ™)U*^ I T, X > F"'{X:=U* })-X, 



Note how the updaters are exposed by the translation, thus making the trans- 
lation of overrides well typed. Each of the component Bi is invariant in the 
translated type, as a result of a contravariant occurrence in the updater’s type, 
and of a covariant occurrence in the selector’s type. 

Theorem 4 (Validation of Abadi- Cardelli Subtyping). If F h A<:B is 
derivable in Dbjt., (using (Sub probj AC96j for object subtyping) then the judg- 
ment |T] h IF > <: IF > is derivable m 
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Invariant Subtyping. In [ACV96], an encoding is presented that validates in- 
variant subtyping for object types, without requiring the covariance restriction 
for the component types. However, as discussed in [AC96], covariance is critical 
for sound method invocations: briefly, the problem arises with binary methods, 
since the use of bounded abstraction in the coding of the binder oBJac makes 
the type of self unique, hence different from any other type. The same prob- 
lem affects the coding of [ACV96]: only covariant methods may be effectively 
invoked. 

An interpretation with the same properties may be obtained from our trans- 
lation. Given the type objAc(X)((mi:i?i{X})*^[^- ”l, invariant subtyping may be 
rendered by exposing the updaters of all the mi’s methods, while hiding the se- 
lectors of all the mi’s whose type Bi is not covariant in the bound variable. This 
translation would be the exact equivalent of that proposed in [ACV96]: it would 
validate invariant subtyping, and allow invocation only for covariant methods. 



7 Related Work 

The idea to split methods into different components is inspired by the object en- 
coding of [ACV96]. That translation applies only to nonextensible objects, which 
are encoded by a combined use of recursive and bounded existential types, subse- 
quently named ORBE encoding [BCP97]. Our translation, instead, uses a combi- 
nation of recursion and universal quantification to render MyType polymorphism. 
We are then able to obtain a corresponding translation for nonextensible objects 
with essentially equivalent results as [ACV96]. 

A variant of the ORBE encoding that does not use existential types is proposed 
in [AC96] (Chap. 18): our translation can be viewed as an extension of that 
encoding to handle primitives of method addition. 

Other, more recent papers have studied object encodings. In [Cra98], Crary 
proposed a simpler alternative to the ORBE encoding for nonextensible objects 
based on a combination of existential and intersection types. In [Vis98] Vis- 
vanathan gives a full-abstract translation for first-order objects with recursive 
types (but no Self Types) . Again, the translation does not handle extensible ob- 
jects. In [BDZ99], Boudol and Dal-Zilio study an encoding for extensible objects 
that relies on essentially the same idea used in our interpretation, namely the 
representation of extensible objects as a pair of a generator and a non extensi- 
ble object. The difference is that [BDZ99] uses extensible records in the target 
calculus to model object generators in ways similar to [Coo89]. 
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A The Source Calculus 

Reduction 

(Call) (j G [l..n]) 

a <= mj >- \ajx\hj 

(Extend) m„+i ^ {mi, .., m„} 

m„+i = C(U,A')?(* : U)6 ^ C(U, A')(mi = ?(a: : U)6i)*^[^--"+il 

(Override) (j G [l..n]) 

mj = C(U, A)<;{x : U)b >- (f(U, A) (mi = g(x : U)bi, mj = g(x : 



Results 



C(U, A){m,i = <;{x : 
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Context Formation - Db+ 



(Ctx x) (Ctx Match) (Ctx X) 

r \- A X ^ Dom{r) r \- A U ^ Dom{r) r \- *■ X ^ Dom{r) 

r,x : A \- r , ^ h * r, X h * 

Type formation - Db+ 

(Type Match U) (Type X) (Type pro) 

r' A, r" \- ^ r\x,r"\-^ r, x h 

r',u^A.r"hu r',x,r"hx r h pro(x)(mi:Ai)*^^ 

Term Formation - 0b+ The notation P {A) in (Val Override) is defined as follows: 

r {A) = A if A is a pro-type; 

r(A) = A' if A = u' and A' G F, 



(Ctx 0) 
0 h * 



(Val x) 

r' ,x : A, r" h * 
r',x : A,r" \- X : A 



(Val Override) 

T h a : A F \- A<^pro(X)(m : S{X}) 
F,\J<^F{A),x : U h 6 : B{U} 

F h a-«— m— <f{\},A)<;{x ■.U)b:A 



(Val Send) 
r h e : A 

F h A^i(i pro(X) (m:S{X}) 
T h e m : S{A} 



(Val Extend) 

[A = pro(X)(mi:i3i{X})*^I^'"' 

A+ = pro(X)(mi:Si{X})*^P"”+d) 
r h o : A : U h b : S„+i{U} 

r h — h ^(U, A'*')mn+i — ^{x : U)b : A'^ 



(Val Object) 

(A = pro(X)(mi:_Bi{X})*^I^'"') 
r, A, a; : U h bi : Bi{U} Vi G [l..ra] 
r h ^(U, A)(mi = <i(x : U)bi)‘^P"”l : A 



Matching - Db+ 

(Match U) (Match Refl) (Match Trans) 

r' m<tt A, r" * r',u^A.r"hu r\-u<y^B ri-s^A 



r',u^ A, r" h A r',u^A,r" h u^u ri-u^A 


(Match pro) 




T h pro(X) (mi 




T h pro(X)(mi:Si{X})*^^^ "^ 


‘+'“l^pro(X)(mi:Bi{X})*^l"""l 


Context and Type Formation - Obf . 




(Ctx Sub) 


(Type obj) 


r h A U ^ Dom(r) 


r,XhBi Vi G [l..n] 


r, U<: A h ♦ 


r h obj(X)(mi:Si)*^I^ '"l 


Term Formation - Qbf . 




(Val Send Obj) 


(Val Subsumption) 


rhe:A (A = obj(X)(rni:Bi{X}>‘^P ■■ 


j G [l..n]) rhe:A BhAcB 


T h e nij : Sj{A} 


F\- e: B 
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Subtyping - 0b<. 

(Sub U) (Sub Refl) (Sub Trans) 

r',u<:A,r" h ♦ r h ^ rhAicAa 

r',U<:A,r" h UCyt r\-A<-.A ri-AiC^a 

(Sub probj FM95) 

_r, Y, X <: Y h S'{X} <: -B^jY} Vi G [l..n] 
r h probj(X)(mi:_B'{X})*^P' ”+'‘l <: obj (Y) (Si {Y}) 1^' "1 

(Sub probj AC96) 

B, X h Bi{X} Bi covariant in X Vi G [l..n + k] 
r h probjjc(X)(mi : Si{X})*^P' ”+'“l <: objic(X)(mi : Si{X})*'^l^ '"l 



B The Target Calculus 

Syntax 



Kinds 




T 


types 


X^X 


type operators 


Constructors 




X 


constructor variable 


T 


greatest constructor of kind T 


A^B 


function type 


[mi : B, . . . , ruk : B] 


record type 


V(X<:A :: DC)A 


bounded universal type 


^i(X)A 


recursive type 


A(X :: DC)B 


operator 


B(A) 


operator application 


Expressions 




X 


variables 


X(x : A) e 


abstraction 


ei 62 


application 


A(X<:A :: DC) e 


type-abstraction 


e A 


type-application 


[mi = 61, . . . , mfc = 6fc) 


record 


e.m 


record selection 


fold(A, e) 


recursive fold 


unf old(6) 


recursive unfold 


let a; = 6i in 62 


local definition 


letrec f(x : A) : B = 61 


in 62 recursive local definition 



Reduction 

(/ 9 i) (A(a; : A)ei ) 62 [e2/a:]ei (select) [mi = 6j O’ G [l..n]) 

(/92) (yl(X<A)ei)B [B/X] 61 (unfold) unfold(fold(A, 6 )) 6 

V X(x : A) e | [mi — — efcjj f old(A, e) j yl(X<:A :: JC) e 



Results 
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Abstract. One way of suggesting that an NP problem may not be NP- 
complete is to show that it is in the class UP. We suggest an analo- 
gous new approach — weaker in strength of evidence but more broadly 
applicable — to suggesting that concrete NP problems are not NP-com- 
plete. In particular we introduce the class EP, the subclass of NP consi- 
sting of those languages accepted by NP machines that when they accept 
always have a number of accepting paths that is a power of two. Since if 
any NP-complete set is in EP then all NP sets are in EP, it follows — with 
whatever degree of strength one believes that EP differs from NP — that 
membership in EP can be viewed as evidence that a problem is not 
NP-complete. 

We show that the negation equivalence problem for OBDDs (ordered 
binary decision diagrams |17l12p and the interchange equivalence pro- 
blem for 2-dags are in EP. We also show that for boolean negation m 
the equivalence problem is in EP*^^, thus tightening the existing NP^^ 
upper bound. We show that FewP 0, bounded ambiguity polynomial 
time, is contained in EP, a result that is not known to follow from the 
previous SPP upper bound. For the three problems and classes just men- 
tioned with regard to EP, no proof of membership/containment in UP 
is known, and for the problem just mentioned with regard to EP^^, 
no proof of membership in UP*^^ is known. Thus, EP is indeed a tool 
that gives evidence against NP-completeness in natural cases where UP 
cannot currently be applied. 



1 Introduction 

NP languages can be defined via machines that reject by having zero 
accepting paths, and that accept by having their number of accepting 
paths belong to the set {1,2,3,...}. A number of researchers have sought 
to refine the class NP by shrinking the path-cardinality set signifying 
acceptance, while retaining the requirement that rejection be associated 
with having zero accepting paths. We will call any such class a restric- 
ted counting class. The most common restricted counting classes in the 

* Gorresponding author. Email: rothe@informatik.uni-jena.de. 

G. Ciobanu and G. Paun (Eds.): FGT’99, LNGS 1684, pp. 1 24- 11 1999. 

© Springer- Verlag Berlin Heidelberg 1999 
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literature are random polynomial time (usually denoted R or RP) and 
ambiguity-bounded classes such as UP and FewP. Ambiguity-bounded 
classes will be of central interest to us in the present paper. 

Valiant’s class UP (unambiguous polynomial time) ^21) which is 
known to differ from P exactly if one-way functions exist jIS|, has 
the acceptance set {!}, and so is a restricted counting class. Accep- 
tance sets of the forms {1, 2, 3, . . . , and {1,2}, {1,2,3}, ... de- 

fine, respectively, the class FewP |2| and the classes UP< 2 , UP< 3 , 

. . . j2], and thus these too are restricted counting classes. (Note: 
UP C UP <2 C UP <3 C • • • C UPc)(i) C FewP C NP, where UP(p(i) = 
Ufc>i UP<fc.) These classes are also connected to the existence of one-way 
functions and have been extensively studied in a wide variety of contexts, 
such as class containments ESEni, complete sets reducibilities 
boolean hierarchy equivalences m , complex! ty-theoretic analogs of Rice’s 
Theorem m, and upward separations m- 

Of course, the litmus test of NP refinements such as UP, UP<fc, and 
FewP is the extent to whieh they allow us to refine the upper bounds on the 
eomplexity of natural NP problems. Of these classes, UP has been most 
successful in this regard. UP is known to provide an upper bound on the 
complexity of (a language version of) the discrete logarithm problem [llt)| . 
and UP (indeed UP OcoUP) is known to provide an upper bound on the 
complexity of primality testing m- 

However, there are certain NP problems whose richness of structure 
has to date defied attempts to put them in UP or even FewP, yet that no- 
netheless intuitively seem to use less than the full generality of NP’s accep- 
tance mechanism. To try to categorize these problems, we introduce the 
class EP, which is intermediate between FewP and NP: FewP C EP C NP. 
In particular, EP is the NP subclass whose acceptance set is {2* \i G IN}, 
IN = {0,1, 2, 3,...}. 

In Section 0 we provide improved upper bounds on the complexity of 
the problems OBDD (Ordered Binary Decision Diagram) Negation Equi- 
valence, 2-Dag Interchange Equivalence, and Boolean Negation Equiva- 
lence. These three problems are trivially in, respectively, NP, NP, and 
NP^^. We provide, respectively, EP, EP, and EP^^ upper bounds. The 
problems are not known to belong to (and do not seem to obviously belong 
to), respectively, EewP, EewP, and EewP'^^. 

In Sectional we prove a general result regarding containment of EewP 
in certain restricted counting classes. In particular, we establish a suffi- 
cient condition for when restricted counting classes contain EewP. Prom 
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our result it follows that EP contains FewP and, moreover, our result sub- 
sumes as special cases some previously known results from the literature. 
In Section EJ we list some open questions related to our work. 

2 Concrete Problems and EP 

In this section, we provide concrete problems known to be in NP (or 
NpNP), prove they are in fact in EP (or EP^^). We now define 

the class EP (mnemonic: the number of accepting computation paths is 
restricted to being either 0 or some power (some exponentiation) of 2). 
For any nondeterministic polynomial-time Turing machine N and any 
string X, let #acc^(x) denote the number of accepting computation paths 
of N on input x. Our alphabet U will be {0, 1}. For any string x € E*, 
let \x\ denote the length of x. 

Definition 1. EP denotes the elass of all languages L for whieh there 
is a nondeterministie polynomial-time Turing maehine N sueh that, for 
eaeh input x & E* , 

x ^ L #aeC]^{x) = 0, and 

X G L #aeej^{x) G {2* | i G IN}. 

Consider the following well-known problem. 

Problem: Boolean Negation Equivalence (BNE) (see the survey by Har- 
rison (201 and the bibliography provided after the references in the paper 
by Borchert, Ranjan, and Stephan nni) 

Input: Two boolean functions (input as boolean formulas using variable 
names and the symbols {A, V, -■, (, )}), f{xi,...,Xn) and g{x±, . . . ,Xn), 
over the same n boolean variables. 

Question: Are / and g negation equivalent? That is, can one negate 
inputs of g such that / and the modified function g' are 

For concreteness as a language problem, BNE = {(/, ff) | / and g are 
negation equivalent}. 

For example, the two boolean functions described by the formulas 
xi V X2 V X3 and x\ V -1X2 V -1X3 are negation equivalent by negating 

^ The notion of boolean function equivalence underlying the definition of negation 
equivalence is the standard one. Two boolean functions (over the same variables) are 
equivalent if they have the same truth value for every assignment to their variables. 
Testing equivalence of pairs of boolean formulas is in coNP. 



some of the 
equivalent 10 



Restrictive Acceptance Suffices for Equivalence Problems 127 



X 2 and X 3 . Regarding lower bounds, Borchert, Ranjan, and Stephan m 
have shown that BNE is US-hard 0, and thus in particular is coNP- 
hard. Regarding upper bounds, BNE E ^0! and BNE E coAM'^^ 

(combining [HOj and P] ) • It follows from the latter that BNE is not NP'^^- 
complete unless the polynomial hierarchy collapses ( EP , in light of UDEOl). 
Interestingly, neither of these two upper bounds — NP^^ and coAM^^ — is 
known to imply the other. 

We now prove BNE E EP^^, which is neither known to imply nor 
known to be implied by the coAM^^ upper bound, but which clearly im- 
proves the NP'^^ upper bound as EP^^ C NP^^. The proof of Theorem^ 
can be found in the full version of this paper. 

Theorem 1. BNE E . 

There are ways of describing boolean functions such that the equi- 
valence problem is in P. The most prominent such way is by ordered 
binary decision diagrams (OBDDs)H So, essentially by the same type of 
discussion found in the proof of Theorem ^ the following computational 
problem, OBDD Negation Equivalence, is in (nonrelativized) EP: Given 
a pair (e, /) of OBDDs, are the boolean functions described by e and / 
negation equivalent? 

If we consider the special case that for the two OBDDs (e, /) above 
the order of the variables is required to be the same, we see that the 
following graph-theoretic problem is in (nonrelativized) EP. A 2- dag is a 
directed acyclic graph (without labels) with a unique root and either 0 or 
2 ordered successors for each node. Por a 2 -dag each node is assigned a 
depth, namely the distance to the root. Now consider the following com- 
putational problem (2-Dag Interchange Equivalence): Given two 2-dags 
F and G, is there a sequence of natural numbers (ii, . . . ,im) such that, 
if in G for each node of depth ii, . . . , its two successors (if they exist) 
are interchanged, then the modified 2-dag G' equals F? This problem 
can be shown to be in EP (similarly to the argument above). Moreover, 
the problem can easily be reduced to Graph Isomorphism. The authors 
know of no P algorithm for the general case of 2-Dag Interchange Equi- 
valence, though the special case of this problem with binary trees instead 
of general 2 -dags has an easy deterministic polynomial-time algorithm. 

^ Fortune, Hopcroft, and Schmidt were the ones who proved that equivalence for 
OBDDs is in P. OBDDs have recently become a structure of interest to theoretical 
computer scientists in a variety of settings, see, e.g., mm- For general background 
on OBDDs see, for example, the survey by Bryant |12|. 
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3 Location of EP 
3.1 Result 

We state a general result that our technique gives, regarding the contain- 
ment of FewP in restricted counting classes. We need some additional 
definitions. 

Definition 2. Let S he any set of positive integers. Define the restrieted 
eounting class RC^ as follows. L G RC 5 if and only if there exists a 
nondeterministie polynomial-time Turing machine N such that, for every 
X G D*, 

1. if X £ L then #acc]^{x) G S, and 

2. if X ^ L then #accj,f{x) = 0. 

For example, Valiant’s extensively studied class UP equals RC{i}, and, 
for each k >2, the class ModZ^P of Beigel, Gill, and Hertrampf jOj equals 

RC]N_{a|(3feg]N) [a=b-k]}- 

A set is non-gap py if it has only small holes. 

Definition 3. Let S be any set of positive integers. We say S is non- 
gappy if S $ and {3k > 0)(Vn G S){3m G S)[m > n A m/n < k]. 

Definition 4. p]]| Let L be any subset of S* . We say L is P-printable 
if there is a deterministic Turing machine M that runs in polynomial- 
time such that, for every nonnegative integer n, M(0"') prints out the set 
{x I X G L A |a:| <n}. 



Theorem 2. Let T he any set of positive integers such that T has a non- 
gappy, P-printable subset. Then FewP C RCr- 

Our proof technique builds (e.g., by adding a rate-of-growth argu- 
ment) on that used by Cai and Hemachandra m to prove FewP C 0 P, 
where ©P |m?7| is the class of languages L such that for some nonde- 
terministic polynomial-time Turing machine N, on each x it holds that 
X £ L fi^acc]\f{x) = 1 (mod 2). We note that Kobler, Schoning, 

Toda, and Toran uni interestingly built on that technique in their proof 
that FewP C CUP, where CUP |35 is the class of languages L such that 
there is a polynomial-time function / and a nondeterministie polynomial- 
time Turing machine N such that for each x, x G L if and only if 
fiaccNix) = f{x). 



Restrictive Acceptance Suffices for Equivalence Problems 129 



Proof of Theorem |2J Let 5 be a non-gappy, P-printable subset of T. 
Let A; > 0 be, for 5, some constant satisfying Definition El 

Let L be any language in FewP. Let N he a machine witnessing that 
L E FewP, and let p be a polynomial bounding the nondeterministic am- 
biguity of N, i.e., for each input x, #acc^(x) < p(|a;|). To show that 
L E RCt, we describe a nondeterministic polynomial-time Turing ma- 
chine N that accepts L via the RCt acceptance mechanism. 

On input x, N chooses p(|x|) natural numbers ci,C2, . . ■ ,Cp(^ix\) 
follows. Initially, we assume that ci, which is defined to be the least 
element of S, is hard-coded into the program of N. Successively, for 
i = 2, . . . ,p(\x\), machine N on input x does the following: 

— Let Cl, ... , Ci-i be the constants that have already been chosen. Define 



bi = 





Ci—l- 



— Let Oj be the least element of S such that bi < ai. 
Set Ci — CLi bi . 



After having chosen these constants, N (still on input x) will do the 
following: Nondeterministically guess an integer i E {1, 2, . . . ,p(|x|)} and, 
for each i guessed, nondeterministically guess each (unordered) i-tuple 
of distinct paths of N{x). On each path a resulting from such a guess 
series, N{x) sees whether the i paths of N{x) that were guessed on a 
are all accepting paths. If all are accepting paths, then path a, via trivial 
nondeterministic guesses, splits itself into Cj accepting paths. On the other 
hand, if at least one of the i guessed paths is a rejecting path, then path 
a simply rejects. This completes the description of iV. 

The intuition behind the construction of N is that for each input 
X the following holds. N{x) has ci accepting paths for each accepting 

path of iV(x); N{x) has C 2 additional accepting paths for each pair of 

distinct accepting paths of iV(x); and so on. So, if x E L, N{x) has 
^^#acc-{x) additional accepting paths for the (one) #accjy(x)-tuple of 

distinct accepting paths of N(x). However, if for some z with ^accjy(x) < 
z < p(|x|) a z-tuple of distinct paths of N{x) was guessed on a path a 

of N{x), then a must contain a rejecting path of N(x), and thus N(x) 
will have no accepting paths related to c^. This intuition is expressed 
formally by: 



f #accj^(a;) 

V 1 



Cl + 



f #acc^(a:) 

V 2 



C2 -b ■ 



f #accjv(a:)\ 

y#acCjY(a;)y #acc^(ai) 



#acc^(a:) = 
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Assume x G L. Thus, 0 < #acc^(x) < p{\x\). Since C:^acc - ( 2 :) 
chosen such that 



#accjy(x) = 1 #acc^(x) = c\, and 

#acc^(x) > 2 #acc]\f{x) = ^:^acc^<^(x) + '^#acc^(x) ~ ®#acc^(x)’ 

and since both ci and are elements of S, it follows that 

#accjv(x) G T. On the other hand, if x 0 L then ^accjy(x) = 0, and 
so #accjv(a^) = 0. 

So now, to prove that L G RCt, it suffices to establish an exponential 
(in |x|) upper bound on the value of maxj<p(| 2 ;|) Ci. 

We will consider, for j > 2, what bounds hold on the value of cj. 
By construction of N and since S is non-gappy, we have cj < aj < kbj. 
Regarding the latter inequality, note that bj is not necessarily an element 
of S. However, for each j, ci < bj] so for each j, there exists abj G S such 
that bj < bj and bj is the greatest such integer in S. Since aj is defined 
to be the least element of S such that bj < aj, we have Uj < kbj < kbj. 
From the above and the definition of bj, we have: 



Cj < k 




Cl + 



C2 + 




Cj-l 



( 1 ) 



< KJ - 1) I 



■ , max a. 



The factor j — 1 in inequality o is the number of terms in bj, and the 

coefficient (ri-,) is the biggest binomial coefficient of any term in bj. 

1 2 1 

Recall that once we were given S' C T we fixed k. For all sufficiently 
large j the following holds: 



(2) 



k{j - 1) 




< 



(^T 



In particular, let jhad = jbad{k) be the largest j for which the above 
inequality fails to hold (if it always holds, set j^ad = !)• Let I^ad = 
maxi<i<j^^^ a. From inequalities (0 and ©, we clearly have that, for 

j ^ jbad- 

Cj < had ■ 

jbad‘^'^'^3 

and, for j < jhad, Cj < had- This implies that Cj = 
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Thus, for the fixed k associated with 5* C T, the value of maxj<p(| 2 ,|) q 
indeed is bounded by an exponential function in |x|. Hence, L G RCt, 
and thus FewP C RCt- I 

It is immediate from its definition that EP C NP. It is also clear 
that the quantum-computation- related class C==P[half] of Berthiaume 
and Brassard |Z| is contained in EPJU Erom Theorem 0 it immediately 
follows that EewP C EP, since EP = RC| 2 i|jg]N} and {2* | i G M} is 
clearly a P-printable, non-gappy set. 

Corollary 1. EewP C EP. 

The comments attached to our on-line technical report version [HI give 
some of the history of the proof of our results and of some valuable com- 
ments made by Richard Beigel, in particular that EewP is also contained 
in the EP analog based on any integer n (note that the acceptance sets 
for such classes are P-printable and non-gappy). 

Cai and Hemachandra’s result EewP C 0P has been generalized 
to EewP C ModZfcP, for each > 2 (^. This generalization also follows 
as a special case of Theorem El since ModZ^P = RC]N_{a|( 3 ftg]N) [a=b-k]} a-s 
mentioned above. 

Corollary 2. 0 For each k >2, EewP C ModZ^P. 

3.2 Discussion 

An immediate question is how Corollary E relates to known results ab- 
out EewP. Clearly, Corollary ^ represents an improvement on the trivial 
inclusion EewP C NP. However, how does it compare with the nontri- 
vial result of Kobler et al. ESI and Fenner, Fortnow, and Kurtz that 
FewP C Few C SPP C 0P n CUP? Informally stated. Few |IH] is what a 
P machine can do given one call to a function that obeys the promise 
that its value is always at most polynomial. SPP f1 P,p.P,\ is the class of 
sets L such that for some nondeterministic polynomial-time Turing ma- 
chine N it holds that if x ^ L then N{x) has one fewer accepting path 
than it has rejecting paths, and if x G T then the numbers of accepting 
and rejecting paths of N{x) are equal. Curiously, note that the nontrivial 

® C==P[half], introduced by Berthiaume and Brassard |Z] in their study of quantum 
complexity, is a variant of the class WPP of Fenner, Fortnow, and Kurtz Namely, 

C==P[half] is the class of languages L such that there is some nondeterministic 
Turing machine such that if the input is in L exactly half of the paths are accepting 
paths and if the input is not in L none of the paths are accepting paths. 
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result that FewP C SPP itself neither is known to imply nor is known to 
be implied by the trivial result FewP C NP. 

There are a number of related aspects to the question raised above. 
First, is SPP C EP? This inclusion — which would make Corollary Q] a 
trivial consequence of the known result FewP C SPP — seems unlikely, 
as if SPP C EP, then SPP C NP, and SPP C NP is considered un- 
likely (see USEH). Second, is EP C SPP? (This inclusion would make 
Corollary Q a strengthening of the known result that EewP C SPP.) We 
do not know. Third, notice that we proved EewP C EP but that the 
Kobler et al. and Eenner, Eortnow, and Kurtz m work shows that 
Eew C SPP. Can our result be extended to show Eew C EP? The rea- 
son we mention this is that often it is the case that when one can prove 
something about EewP, then one can also prove it about the slightly big- 
ger class Pew. Eor example, Cai and Hemachandra, after showing that 
EewP is in 0P, then easily applied their technique to show that even Eew 
is in 0P m- Similarly, it is immediately clear that EewP has Turing- 
complete sets if and only if Pew has Turing-complete sets, and so the proof 
that there is a relativized world in which EewP lacks Turing-complete 
sets [22 implicitly proves that there is a world in which Eew lacks Turing- 
complete sets (see also m)- However, in the case of Corollary ^ it is 
unlikely that by modifying the technique in a way similar to that done 
by Cai and Hemachandra one could hope to establish the slightly stron- 
ger result that EP even contains Eew. Why? Clearly coUP C Pew and 
EP C NP, so the assumption Pew C EP would imply (along with other 
even more unlikely things) coUP C NP. 

Eourth, one might wonder directly, since EewP C 0P is known, about 
the relationship between EP and 0P. That is, how is EP ^owers-of-two 
acceptance) related to 0P (multiples-of-two acceptance) lu We note the 
following. By a diagonalization so routine as to not be worth including 
here, one can show (3H) [coUP"^ ^ EP"^]. It follows immediately, since 
(for each B) coUP'® C Eew®, that (3H) [Eew"^ ^ EP"^] and (3H) [0P"^ ^ 
EP"^] . Similarly, if one looks at the test language inside the proof of Pro- 
position 12 of Beigel’s 1991 “mod classes” paper |0, one can see that for 
his case “A: = 2” the test language is in (relativized) C==P[half], and thus 
as a corollary to his proof one can claim (3H) [C==P[half]"^ 2 0P"^]. It 
follows immediately that (3H) [EP^ ^ 0P"^]. Since these are standard 
diagonalizations that can easily be interleaved, it is easy to see that there 
is a relativized world in which EP and 0P are incomparable (i.e., neit- 



However, one should keep in mind the contrasting rejection sets of these two classes. 
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her is contained in the other). Concerning ModgP classes j'l .‘-tiij for values 
q > 2, see the discussion in our on-line technical report version jO]. 

Fifth and finally, to complete this discussion, what is the relation 
between EP and CUP? Proposition ^ below shows that EP is contained 
in C=pfl the proof of this result can be found in the full version of this 
paper. Thus, Corollary ^ improves upon Kobler et al.’s result that FewP C 
CUP |25j — an improvement that seems to neither imply nor be implied by 
other improvements of their result such as Few C SPP see also [TS| ) . 

Proposition 1. EP C C=P. 

4 Open Questions 

Does EP equal NP? It would be nice to give evidence that such an equality 
would, for example, collapse the polynomial hierarchy. However, UP C 
EP C NP, and at the present time, it is open whether even the stronger 
assumption UP = NP implies any startling collapses. Also, does EP, 
in contrast to most promise classes, have complete sets? We conjecture 
that EP lacks complete sets (of course, if EP equals NP then EP has 
complete sets). It is clear that EP is closed under conjunctive reductions 
and under disjoint union, and (thus) under intersection. Is EP closed 
under disjunctive reductions or union? 
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Abstract. We consider parallel communicating grammar systems which 
consist of several grammars and perform derivation steps, where each of 
the grammars works in a parallel and synchronized manner on its own 
sentential form, and communication steps, where a transfer of sentential 
forms is done. We discuss accepting and analyzing versions of such gram- 
mar systems with context-free productions and present characterizations 
of the family of recursively enumerable languages by them. 

In accepting parallel communicating grammar systems rules of the form 
a — >■ A with a word a and a nonterminal A are applied as in the gene- 
rating case, and the language consists of all terminal words which can 
derive the axiom. We prove that all types of these accepting grammar 
systems describe the family of recursively enumerable languages, even if 
A-rules are forbidden. 

Moreover, we study analyzing parallel communicating grammar systems, 
the derivations of which perform the generating counterparts backwards. 
This requires a modification of the generating derivation concept to 
strong-returning parallel communicating grammar systems which also 
generate the family of recursively enumerable languages. 



1 Introduction 

Parallel communicating grammar systems are introduced in US] and are widely 
investigated nowadays (see jdftiTIl Dfl Sllbj ). They consist of several grammars 
(called components or processors of the system) which work in a parallel and 
synchronized manner, each on its own sentential form. In a derivation step of 
the system each component transforms its sentential form according to its pro- 
duction rules. Moreover, the components cooperate by communication. A com- 
munication step is done by request through special nonterminals, called query 
symbols. Whenever a component has introduced a query symbol, the rewriting 
process is interrupted, and the components to which the query symbols point 
immediately send their current sentential forms to those components which have 
requested the communication step. There, each query symbol is rewritten by the 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 136-|143 1999. 
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corresponding received sentential form. Finally, the system generates a common 
language, namely the set of all terminal strings which can be obtained in one 
certain component. 

Parallel communicating grammar systems are of interest because they form a 
syntactic model of a problem solving system called classroom model in artificial 
intelligence and a model of parallel and distributed computation as it appears, 
e.g., in computer networks. This approach has several advantages, e.g., it allows 
to compare the power of distinct communication structures (parallel architectu- 
res) in a way in which other (computing) models have not been able to establish 
results (for a discussion of the latter item, see 0 ). 

On the other hand, in many applications one is interested in analyzing (re- 
cognizing) formal languages instead of generating them. One concept for this 
purpose is the notion of analyzing grammars as it has been considered for the 
well-known type-n grammars of the Chomsky hierarchy, n S {0, 1, 2, 3}, by Arto 
Salomaa in cni Chapter 1]. Here, the general idea is the following: a given (ter- 
minal) word w is accepted iff one can derive the axiom (which therefore is seen as 
a goal symbol instead of a start symbol) by iterated applications of productions 
to w, where an analyzing production, is defined as in the generating case but the 
left-hand sides are interchanged with the right-hand sides. It is proved that the 
families of languages described by accepting type-n grammars, n G {0,1, 2, 3}, 
trivially coincide with the families of languages generated by grammars of the 
corresponding type. 

This concept of analyzing grammars can be seen in two different ways: at first, 
one might gain the intuition that derivations of analyzing grammars just mimic 
the derivations of their generating counterparts step by step, simply performing 
any possible derivation of the generating mechanism backwards. In this case, one 
has to look for an appropriate definition of the corresponding analyzing device 
such that the language families generated and analyzed in this way automatically 
coincide. This is not always as straightforward as in case of Chomsky grammars, 
e.g., for some grammars with controlled derivations or for grammar systems (for 
an example of such approach see uni). 

A second interpretation of the idea of analyzing grammars is in line with the 
research on accepting grammars and systems as it has been done, e.g., in UI21 
REIflj . Here, the yield relation is defined by textually transferring the definition 
of a derivation step from the generating case to the accepting one. That is, we 
take the well-known mechanism, now, in order to recognize words and not to 
generate them, and we investigate which language class can be described by 
these means. It has been shown that the trivial equivalence result known from 
Chomsky grammars does not hold any longer for several types of grammars and 
systems. 

In this paper, we follow both interpretations of language analyzing gram- 
mar tools for the case of parallel communicating grammar systems. In the next 
section we shall treat the idea of textual transfer of the definition of the yield re- 
lation (both for rewriting steps and for communication steps). Here, generating 
and accepting derivations cannot trivially simulate each other since the com- 
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munication has a different effect. We show that all types of accepting parallel 
communicating grammar systems describe the family of recursively enumerable 
languages. This result is surprising because it also holds for accepting grammar 
systems where A-rules are forbidden. 

In Section 3 we follow the other approach. In a derivation step of a generating 
parallel communicating grammar system the terminal strings are not changed. 
This leads to a problem if we want to reverse the generation mechanism by an 
analyzing grammar since terminal strings have to be changed in some cases and 
have not to be changed in some other steps although the rules of the component 
can be applied. In order to overcome this unnatural behavior, in Section 3 we 
modify the working of a generating parallel communicating grammar system as 
follows: if a terminal word is obtained by a component (i.e., the component has 
finished its work), it starts a new derivation from its axiom. First, we note that 
this modification has a meaningful interpretation in the classroom model: if a 
component has obtained a solution (i.e., one possible solution) for its subproblem, 
then - independently of whether or not there is a request for the obtained solution 
by some other component - the component starts a new derivation process in 
order to get a possibly different solution for the subproblem. Furthermore, this 
modification allows a definition of an analyzing grammar with derivations that 
can mimic generating ones and vice versa. Moreover, this modification does 
not affect the generative power of generating parallel communicating grammar 
systems. 

In what follows, we assume that the reader is familiar with basic notions 
and basic knowledge of formal language and automata theory. Concerning our 
notation, we mostly follow jjj: C denotes inclusion, C denotes strict inclusion, 
\M\ is the number of elements in the set M . The empty word is denoted by A. 
We consider two languages Li and L 2 to be equal iff Li \ {A} = T 2 \ {A}, and 
we simply write L\ = in this case. We term two devices describing languages 
equivalent if the two described languages are equal. The length of a word x is 
denoted by |a:|. If x G V*, where V is some alphabet, and if W C ]/, then 
\x\w denotes the number of occurrences of letters from W in x. The families of 
context-free, A-free context-free and type-0 Chomsky grammars are denoted by 
CF, CF-A and RE, respectively. If X is one of these families, C{X) denotes the 
family of languages generated (accepted) by some device from family X. 

2 Accepting Parallel Communicating Grammar Systems 

We now give a definition for parallel communicating grammar systems which co- 
vers the language generating and accepting case. We restrict ourselves to systems 
with context-free productions. 

Definition 1. A generating [accepting] parallel communicating grammar system 
(PC grammar system, for short) with n context-free components, where n > 1, 
is an {n 3) -tuple T = (N, K,T,Gi,G 2 , ■ ■ ■ ,Gn), where N, K, and T are 
pairwise disjoint alphabets of nonterminal symbols, query symbols, and termi- 
nal symbols, respectively. For 1 < i < n, Gi = {N U K, T, Pi, Si) is a generating 
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[accepting] context-free Chomsky grammar with nonterminal alphabet N \J K, 
terminal alphabet T, a set of rewriting rules Pi C [N U K) x {N U T U K)* 
[Pi C [N U T U K)* X (TV U K) [ and an axiom Si . 

The grammars Gi , G 2 , . . . G„ are called components of P, Gi is said to be 
the master component (or master grammar) of P. The total alphabet iVUiVUT 
of r is denoted by Vr- 

Definition 2. Let P = (TV, iV, T, Gi, G 2 , . . . , G„), n > 1, be a PC grammar 
system as above. An n-tuple (xi, X 2 , . • . , Xn), where Xi 1 <i <n, is called 

a configuration of P. If P is generating, {S\, S 2 , • ■ • , S'„) is said to be the initial 
configuration, in accepting case it is called goal configuration, whereas an initial 
configuration in accepting mode is given by a tuple in T* x (V^)"“^. 

PC grammar systems change their configurations by performing direct deri- 
vation steps. 

Definition 3. Let P = (TV, TV, T, Gi, G 2 , . . . , G„), n > 1, &e a parallel com- 
municating grammar system, and let (xi,X 2 , . . . , x„) and {yi,y 2 , ■ ■ ■ ,yn) be two 
configurations of P. We say that {xi,X 2 , • ■ • , directly derives (?/i, j/ 2 , • ■ • > Vn), 
denoted by (xi, X 2 , ■ ■ ■ , Xn) (j/i, J/ 2 ) • ■ • j 2/n)> if one of the next three cases 
holds: 

la. P is a generating PC grammar system, and there is no Xi which contains 
any query symbol. Then, for 1 <i <n, either Xi € (TVUT)* \T* and Xi yt 
or Xi € T* and yt = Xi. 

lb. P is an accepting PC grammar system, and there is no Xi which contains 
any query symbol. Then, for I < i < n, either Xi G {NUT)*\{Si} and Xi yt 
or Xi = yi = Si. 

2. P is a generating or accepting PC grammar system, and there is some Xi, 
1 < i < n, which contains at least one occurrence of query symbols. Let Xi be of 
the form Xi = ziQi,^Z 2 Qi 2 ■ • ■ ZtQi^Zt+i, where Zj € (TV U T)*, 1 < j < t -h 1, and 
Qi, G K, 1 <l <t. In this case yi = ziXi^Z 2 Xi^ . . . ZtXi^Zt+i, if Xi,, 1 < I S t, 
does not contain any query symbol. In so-called returning systems, y^ = a^, for 
1 < I < t, where ai, is the (ii)-th sentential form of the initial configuration 
{ai,a 2 , ■ . ■ ,cx„) of the current derivation. In non-returning systems y^ = Xi^, 
\ < I < t. If some Xi, contains at least one occurrence of query symbols, then 
yi = Xi. For all i, 1 < i < n, for which yi is not specified above, yi = Xi holds. 

The first case is the description of a rewriting step in generating mode (la) 
and in accepting mode (lb): if no query symbols are present in any of the senten- 
tial forms, then each component grammar uses one of its rewriting rules except 
those which have already produced a terminal string (the latter point will be 
changed in the systems considered in Section 3) or the axiom, respectively. The 
derivation is blocked if a sentential form is not a terminal string or the axiom, 
respectively, but no rule can be applied to it. 
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The second case describes a communication step which has priority over ef- 
fective rewriting: if some query symbol, say Qj, appears in a sentential form, 
then the rewriting process stops and a communication step must be performed. 
The symbol Qj has to be replaced by the current sentential form of compo- 
nent Gj, say Xj, supposing that Xj does not contain any query symbol. If this 
sentential form also contains query symbols, then first these symbols must be 
replaced with the requested sentential forms and so on. If this condition cannot 
be fulfilled (a circular query appeared), then the derivation is blocked. 

If the sentential form of a component was communicated to another one, this 
component can continue its own work in two ways: in so-called returning systems, 
the component must return to its sentential form of the initial configuration and 
begin to derive a new string. In non-returning systems the components do not 
return to their initial sentential forms but continue to process their current string. 

In the following, by the reflexive and transitive closure of the yield 

relation is denoted. 

Definition 4 . Let F = {N, K,T,Gi,G2, ■ ■ ■ , G„) be a PC grammar system as 
above. If F is a generating PC grammar system, its language defined by F is 

Lgen(F) = {xi GT* I Sn) ^ {xi, X2, ■ ■ ■ , Xn) , Xi G Vf , 2 < i < n} . 

If F is an accepting PC grammar system, its language is 

Lacc(r) = {xi G T* I (xi,X2,...,Xn) ^ (^i , S'2 , . . . , 5 „) , X, G Vf , 2 < i < n} . 

Thus, the generated language consists of the terminal strings appearing as 
sentential forms of the master grammar G\ in a derivation which started off with 
the initial configuration (S'!, S2, ■ ■ ■ , Sn), whereas the accepted language consists 
of all terminal words appearing as sentential forms of the master grammar G\ 
in the initial configuration of an arbitrary derivation which yields the goal con- 
flguration {81,82, ■ ■■ , Sn). 

Finally, we define a special variant of PC grammar systems where the ability 
to ask for communication is restricted to the master component. A PC grammar 
system F = {N, AT, T, Gi, G2, . . . , G„) (in both generating and accepting case) is 
referred to as centralized if, for 2 < t < n, C (A^ U T)* x (A^ U T)* . Otherwise 
(in the unrestricted case) it is called non- centralized. 

We shall denote the families of languages generated [accepted] by retur- 
ning and non-returning PC grammar systems with context-free components by 
£gen(PC,CF) and £ge„(NPC,CF) [£acc(PC,CF) and £acc(NPC,CF)j, respec- 
tively. When only centralized PC grammar systems are used, we add the letter 
C coming, e.g., to families £gen(CPC*CF), £gen(NCPC,CF) and so on. Furt- 
hermore, we replace CF by CF-A in that notation if A-rules are forbidden in any 
component of the systems. 

We now prove that in all accepting cases - also those where A-rules are 
forbidden - we describe the family of recursively enumerable languages. Together 
with the relations given above we also know the relations between generating 
and accepting variants. 
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Theorem 1. For X £ {PC, CPC, NPC, NCPC}, Y £ |CF-A,CF}, 

Cacc{X,Y) = £(RE) . 

Proof. The inclusions Ca.cc{XYY) C £(RE) trivially hold by Turing machine 
constructions. The converse inclusions are proved by the following simulations 
of type-0 grammars which are assumed to be given in an appropriate normal 
form. 

Let L G £(RE). Then there is a type-0 grammar G = {Vn, Vt, P, S) genera- 
ting L, where the set P of productions can be assumed to contain only rules of 
the forms A — >■ BC, A — >■ a, AB — >■ CD, and Z — >■ A, where A, B,C, D £ Vjq, 
a £ Vt, and Z is a, special nonterminal symbol. This can be seen by combi- 
ning the idea of the proof of Theorem 9.9 in jlfilj with the usual construction of 
Kuroda normal form (cf., e.g., |1 2j). 

Let the total alphabet Vjt VJVt oi G contain r symbols, say Vn AVt = 
{xi,X 2 , ■ ■ ■ ,Xr}, and let the number of (pairwise different) productions in P of 
the form AB — >■ CD be n. Moreover, let us assume a unique label ri, 1 < i < n, 
being attached to each production of this form. 

We now consider the accepting parallel communicating grammar system 

r={N,K,T,Gi,G 2 ,...,Gr,+ 2 r+l) 
with n -|- 2r -|- 1 components, where 

fV = Vat U {S' 2 , tS^3, . . . j }i K — |Q2j Qs; • ■ ■ ! Qn-|-2r--|-l}; T — Vt 

with additional symbols S 2 , S 3 , . . . Sn+ 2 r+i, Q 2 , Qs, ■ ■ ■ , Qn+ 2 r+i, and the com- 
ponents are constructed as follows: 

Gi = {NU K,T,Pi,S) with 

Pi = {BC A \ A^ BC £ P, A,B,C £Vn} 

U { a — ^ A I A — a £ P, A £ Vn , u £ Vt } 

U{CD Qi+i \ Ti : AB ^ CD £ P, 1 < i < n} 

U{Xj y Qn+l+j I 1 ^ J ^ L) {Xj y Qri+l+r+j I ^ — J — 
and, for 2 < i < n + 1, if ri : AB — >■ CD, 

Gi = {NU K,T,Pi,S^) with 
Pi = {A^ A, AB S,} . 

Furthermore, for any symbol Xj £ Vn U Vt, 1 < J < r, two additional compo- 
nents Gn+i+j and Gn+i+r+j are introduced providing the strings Zxj and XjZ, 
respectively. More precisely, for 1 < j < r, we have 

Gn+i+j = {X U K,T, Pn+i^j, Sn+i+j) with 
Pn+l+j = ZXj — >■ iSra+i+j} , 

Gn+l+r+j ~ {X U K,P, Pn-\-l-\-r+j T Sn+l+r+j) with 
Pn+l+r+j = Z,XjZ — >■ . 
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Obviously, a derivation with initial configuration (w, 02 , 0 : 3 , , a„+ 2 r+i) yields 
the goal configuration if 

— S =4> w in G, 

— for 2 < t < n + 1, Oi = AB if AB is the left-hand side of production in 

P, and 

— for 1 < j < r, an+i+j = Zxj and an+i+r+j = XjZ. 

Then the master component can directly simulate the (reverse) application of 
context-free productions from P whereas the “real” monotone productions as 
well as the A-productions are simulated by communication steps. Clearly, in 
those accepting derivations, the components Gi, i > 2, must behave such that 
the Oi’s are simultaneously rewritten to Si exactly in the moment (tact) when 
the master grammar derives its axiom S. Otherwise, the derivation might be 
blocked, since there is no component which can rewrite any Si, i > 2, but an 
application of a rule (3 ^ Si &t & “wrong moment” does not allow the master to 
derive words which are not in Tgen(G'). 

Hence, Tacc(C) = Lgen(G) = L for the (centralized) PC grammar system P 
both in returning and in non-returning mode. Note that all productions occurring 
in a component of P are accepting context-free and that no A-rules are needed. 

□ 

Unfortunately, by this construction, both the number of nonterminals and 
the number of components in the simulating PC grammar system depend on the 
size of the type-0 grammar to be simulated. We do not know whether or not 
any given type-0 grammar can be simulated by a PC grammar system with a 
bounded number of nonterminals and/or components. 

In conclusion, we list the following relationships between generating and ac- 
cepting PC grammar systems which are can be seen by the results given in the 
present paper and in i, P, P, and El, where the relations of the families of 
generated languages and £(RE) are stated. 

Corollary 1. Let X S {CF,CF— A} and Y S {N, A}. The following relations 
hold: 

(l) £geu(PC*X) = Cacc{PO,X). 

(n) Cgen{XPC,,X) = Cacc{XPC,,X). 

(ill) Lgen{YGVC,, CF-A) c £,,,(UCPC*, CF-A) 

(iv) £gen(PCPC„CF) C £,,,(yCPC„CF) □ 

Note that in case of both generating and accepting PC grammar systems, 
query symbols can be introduced in some sentential form only by rewriting steps 
and they can be replaced only by means of communication. Hence, we can as- 
sume without loss of generality that query symbols never appear on left-hand 
sides of productions of the components. Thus the generative power of generating 
parallel communicating grammar systems is not altered if we restrict to rules 
from N X {N \J K \J T)* . However, if one would already require this restriction 
in the definition of a generating parallel communicating grammar system, then 
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the associated accepting parallel communicating grammar systems would have 
productions from (TV U iV U T)* x TV. It is easy to prove that this restricted form 
of accepting PC grammar systems only accept context-free languages, and trivi- 
ally, any context-free language can be accepted by such an restricted accepting 
PC grammar system. 

3 Analyzing Parallel Commnnicating Grammar Systems 

In this section we follow the other interpretation of analyzing grammars. We look 
for a definition of analyzing PC grammar systems in such a way, that analyzing 
derivations mimic their generative counterparts performing the same derivation 
steps backwards. Our goal is to use exactly the same system in both ways, to 
generate and to analyze a language. The generating and accepting versions of a 
parallel communicating grammar system as considered in the preceding section 
do not satisfy this requirement as one can see from the results and proofs in that 
section. In order to distinguish the grammars considered in this section from 
those considered in the preceding section we call them analyzing grammars. 

We mention a problem arising from the treatment of terminal strings in ge- 
nerating PC grammar systems. If a component generates a terminal string, this 
string remains unchanged through the rest of the derivation. Thus, in the analy- 
zing derivation a terminal string can remain unchanged simulating a generating 
derivation step on a terminal string or it can be changed simulating a genera- 
ting derivation step backwards. This is artificial since by the productions of the 
component in any moment a change is possible. 

In order to eliminate this feature from analyzing derivations we have to eli- 
minate the feature from the generating derivations. Thus we make a slight mo- 
dification in defining derivation steps in the generative mode, a modification 
which will enable us to find analyzing counterparts to each generative deriva- 
tion and vice versa. Therefore the equivalence of the generated and accepted 
language classes will be obvious. After this, we show that the modification of 
the generating derivation step does not effect the power of returning PC gram- 
mar systems in the generative case, so analyzing grammar systems defined this 
way accept the same class of languages that is generated in the conventional 
returning generating mode. 

Let us start with defining the modified derivation step for the generative 
mode. 

Definition 5. Let F = {N, K,T,Gi,G 2 , ■ ■ ■ ,Gn), n > 1, be a generating PC 
grammar system as above, with initial configuration {Si, S 2 , ■ ■ ■ , Sn) ■ The con- 
figuration {xi,X 2 , . ■ • , Xn) directly derives the configuration (yi, j/ 2 j • ■ • , Vn) in 
strong-returning mode, denoted by {xi,X 2 , • . ■ , Xn) (j/i, 2/2) • ■ • ) Vn), if one 

of the following three cases holds. 

1. There is no Xi which contains any query symbol, and there is no Xi which 
is a terminal word, that is, Xi € {N U T)* \ T* for 1 < i < n. Then Xi 2/*- 

2. There is no Xi which contains any query symbol, that is, Xi € (NUT)*, 1 < 
i < n. Then yj = Sj if Xj G T* , and yj = Xj if Xj G (N U T)* \ T* . 
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3. There is some Xi, 1 < i < n, which contains at least one occurrence 
of query symbols, that is Xi = z\Qi^Z 2 Qi 2 ■ ■ ■ ztQitZt+i where Zj G (TV U T)*, 
1 < j < t + 1 and Qi, € K, 1 < I < t. Then yi = Z\Xi^Z 2 Xi^ . . . ztXi^Zt+it where 
Xi,, I < I < t does not contain any query symbol, and yi, = Si,, 1 < I < t. If 
some Xi, contains at least one occurrence of query symbols, then yi = Xi. For all 
i, 1 < * < for which yi is not specified above, yi = Xi holds. 



The first point is the description of a rewriting step, where no terminal strings 
are present among the sentential forms. This is a usual rewriting step known 
from returning PC grammar systems. 

The second point is the description of a derivation step, after at least one 
terminal string appeared among the sentential forms. In this case, the terminal 
strings are changed to the start symbol, the other ones remain the same. 

The third point again is describing a usual returning communication step. 

The language generated by systems in strong-returning mode is defined as 
before, now of course using strong-returning steps during the derivations. 

Again, by we denote the reflexive and transitive closure of . 



Definition 6. Let T = (TV, AT, T, Gi, G 2 . . . , G„) be a (generating) PC gram- 
mar system with master grammar G\, and let {Si, S 2 , ■ ■ ■ , Sn) denote the initial 
configuration of T. The language generated by the PC grammar system T in 
strong-returning mode is 



Lsr{P) = {xi€T* \{Si,S 2 ,..., Sn) ^ {xi, X 2 , ■ ■ ■ , Xn) , Xi € Vf ,2 < i < n} . 

Let the class of languages generated by PC grammar systems in the strong- 
returning mode with context-free components be denoted by £gen(PC*CF, sr). 

As a first result we mention that strong-returning PC grammar systems ge- 
nerate the family of recursively enumerable languages (which is generated by 
returning PC grammar systems, too). 

Lemma 1. £(RE) = £gen(PC*CF, sr). □ 

By reasons of space the proof (which uses earlier results from 0 and the 
concept of rule-synchronization, see m and ini> and a technically demanding 
simulation) is omitted here. 

Now we define analyzing derivations by “turning around” strong-returning 
derivation steps. 

Definition 7. Let P = (TV, K, T, Gi, G 2 , . . . , G„) be a (generating) parallel com- 
municating grammar system as above with axioms Si, 1 < i < n, and let 
{xi, X 2 , ■ ■ ■ , Xn) and {y\,y 2 , ■ ■ ■ ,yn) be two configurations of P. We say that 
{xi, X 2 , ■ ■ ■ , Xn) directly derives {y\,y 2 , ■ ■ ■ ,yn) in analyzing mode, denoted by 
{xi,X2 , . • . ,Xn) (j/i,2/2j • ■ • ,yn), if One of the following three cases holds. 

1. For 1 < i < n, Xi = ziaz 2 for some zi,Z 2 € (TV U T)* , a € (TV U T U K)* , 
yi = ZiXz 2 and X ^ a G Pi. 

2. If Xi G (TV UT)* for 1 < i < n, then either yi = Xi or yi G T* and Xi = Si. 
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3. Let there he at least one j, 1 < J < n, with Xj = Sj. For 1 < i < 
n, if \xi\K > 0, then yi = Xi, and if \xi\K = 0, then either yi = Xi or 
yi = ziQi^Z 2 Qi^ ■ ■ ■ ZtQuZt+i for some zi G (TV U T)*, 1 < I < t + I, and 
some Qi^ G K , 1 < k < t, such that the following condition holds: if yi = 
ZiQi^Z 2 Qi^-ZtQi^zt+i then Xi = Zlyi^Z 2 y^^■■■Zty^^zt+l and yi^ G (TV U T)* and 
for I < k < t. 

The first point is the description of an analyzing rewriting step, each gram- 
mar uses one of its rules “backwards” (therefore analyzing grammars work as 
accepting grammars). 

The second point describes the analyzing counterpart of the strong-returning 
feature: if an axiom is present at some component, it can be replaced with an 
arbitrary terminal string while the other sentential forms remain unchanged. 

The third point describes a communication step, which is possible to perform 
if the sentential form of at least one of the components is its axiom. In this 
case, the other components send subwords of their sentential forms to these 
components (the ones which have the axiom as their current string), and replace 
the subword they have sent, with the appropriate query symbol {Qj for example, 
if the subword was sent to component Gj, for some j, 1 < j < n). According 
to the classroom model this can be interpreted as a distribution of subtasks to 
agents who have finished their assignments and protocolling the distribution by 
the corresponding query symbol. 

By we denote the reflexive and transitive closure of . 

ana ana 

Definition 8. Let F = {N, AT, T, Gi, G 2 , . . . , G„) be a PC grammar system. The 
language analyzed by the PC grammar system F is 

Lana{F) = {xi G T* | (xi, X 2 , . . . , X„) {Si, S 2 , ■ ■ ■ , Sn) , Xi G Vf ,2 < i < n} . 

Let the class of languages analyzed by PC grammar systems with context-free 
components be denoted by £(PC,CF, ana). 

Note the following difference between the generating process (with and with- 
out strong return) or accepting process on one side and the analyzing process on 
the other side. In a generating and accepting derivation the current sentential 
form determines uniquely whether or not a usual derivation step, a derivation 
step with strong return or a communication step has to be done. In an analy- 
zing derivation we have to make a choice what type of step we want to make 
backwards. By our motivation we cannot avoid to choose a derivation step or a 
communication step. On the other hand, if we restrict to parallel communicating 
grammar systems where, for any production, the axiom does not occur in the 
word on the right-hand side, then the generative power of generating systems 
(with and without strong return) is not changed (as one can easily see) and 
in analyzing grammars there is no choice between doing backwards usual and 
strong returning derivation steps. 

Now, from the definitions it can easily be seen that all strong-returning de- 
rivations have an analyzing counterpart, and that, similarly, all analyzed strings 
can be generated in the strong-returning mode. Thus Lsr{F) = Lana{r) holds 
for any PC grammar system F and we obtain the following statement. 
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Lemma 2. £ge« (PC, CF, sr) = £(PC*CF, ana). □ 

Summarizing, we obtain the following theorem. 

Theorem 2. £(RE) = £ge„(PC,CF) = £gen(PC,CF, sr) = £(PC,CF, ana). 

□ 

Note that with respect to analysis we have only considered non-centralized 
returning PC grammar systems. In a certain sense this is natural by the definition 
of strong return. However, we have not taken into consideration analyzing PC 
grammar systems in the centralized and/or non-returning case. 
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Abstract. We provide a translation of Fisher-Honsell-Mitchell’s delega- 
tion-based object calculus with subtyping into a A-calculus with extensi- 
ble records. The target type system is an extension of the system of 
types depending on types with recursion, extensible records and a form of 
bounded universal quantification. We show that our translation is com- 
putationally adequate, that the typing rules of Fisher-Honsell-Mitchell’s 
calculus can be derived in a rather simple and natural way, and that our 
system enjoys the standard subject reduction property. 



1 Introduction 

The theoretical foundations of object-oriented programming have been intensi- 
vely explored in the recent past, the main purpose being to design type systems 
that would be safe, allowing in particular to prevent some run-time errors like 
message not understood, while being at the same time flexible enough to sup- 
port object-oriented programming idioms. This has proven to be actually quite 
difficult. Some early works, following Cardelli’s pioneering paper 0, developed 
encodings of object-oriented constructions into calculi with records. For instance, 
Cook & al. in m proposed an interpretation of class-based programming. In 
their model, an object is the fixed-point of a function (of self) returning a record. 
An object can only be invoked, while inheritance acts on the object’s “genera- 
tor”, by adding or updating fields of the resulting record, and extending the 
scope of the self parameter. The types, based on F-bounded quantification (or 
else higher-order quantification and recursive types, see [El), allow in particular 
to address the property identified as method specialization by Mitchell 1201, by 
which is meant the fact that the type of a method is updated whenever the 
hosting class is inherited. 

Mitchell’s work deals with delegation-based object-oriented programming, 
where a single entity, called a prototype, may be both invoked, by messages 
calling for some methods to be executed, and inherited, to build a new proto- 
type by adding a new method or modifying an existing one. Although this looks 
simpler than the class-based approach, the property of method specialization 
is not easy to obtain in this setting. For this reason, Mitchell & al. proposed 
in a primitive object calculus, with a specific typing construct for proto- 
types, that is not derived from an encoding. Indeed, the authors conclude that 
“[method specialization] seems very dijficult to achieve directly with any calculus 
of records” . Several other primitive object calculi were developed at about the 
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same time by Abadi and Cardelli (see for instance m) to formalize abstractly 
what can be expected from the typing of objects, while avoiding the difficulties 
of discovering adequate encodings in A-calculi with records. Later on however, 
these authors, together with R. Viswanathan P], solved the encoding problem 
for a delegation-based calculus without object extension (hence with no non- 
trivial method specialization), and Viswanathan improved their results in 1211 . 
where the target of the translation is a first-order calculus. 

Our purpose in this paper is to introduce an encoding of Mitchell & al. cal- 
culus, extended with subtyping US], into a A-calculus with extensible records 
equipped with a rich but fairly standard type system, that has been recognized 
as a suitable framework for studying the typing of objects, see usd. We show in 
particular how the typing rules for prototypes can be derived in a natural way. 
The idea of the encoding is very simple. To explain it, let us first come back 
to the difficulty of typing method specialization for prototypes: there are two 
seemingly opposite requirements for types in this setting. One is that, when the 
prototype is invoked, its type should not tell too much, because the prototype 
can be revealed upon invocation, for instance by an identity method. In particu- 
lar, the type should only exhibit the method names that are actually available, 
since otherwise runtime errors could occur. On the other hand, when the proto- 
type is inherited, its type - or more precisely the type of the self parameter - 
should be “open” to potential extensions (see HHI where the authors distinguish 
a “client interface” from the “inheritance interface” for an object). This tension 
is solved in Cook’s model, simply by fulfilling separately these two requirements. 

Then the idea of our encoding is to separate the two usages of a prototype by 
means of record field selection: in our interpretation, a prototype is a recursive 
record with two fields. The first one, that we call inht, contains the current value 
of the prototype generator, that is the function of self that returns the record of 
methods. The other field, called invk, contains the application of the generator to 
the prototype itself. The first field is selected to inherit the prototype, while the 
second is selected to invoke it. We show how to type such a prototype in a system 
involving extensible record types, types depending on types and a limited form 
of bounded universal quantification, thus deriving naturally the typing rules of 
m - or more precisely rules given by Fisher in her thesis m- We also show 
that the subtyping of prototypes proposed in m arises in a very simple way: 
while a “pro” type of a prototype is a record with two fields, the “obj” type only 
contains the field invk, thus allowing a “sealed prototype” to be only invoked. 
The standard subtyping rule for recursive types allows to derive the subtyping 
relations of ESI. 

We think that our interpretation validates, and even justifies the (non-trivial) 
rules designed for primitive type constructors in Fisher and Mitchell’s systems, 
and allows to reuse results that can be established in the target calculus. Bruce 
in 0 has shown that, from a semantical point of view. Cook and Mitchell’s 
models are equivalent. Our interpretation confirms this view from a syntactical 
perspective, and also confirms that Bruce’s matching - that is width subtyping of 
the record of methods 0 ~ is the form of subtyping we need to type extensible 
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objects, as far as the goal is to retrieve Fisher and Mitchell’s systems. Our 
interpretation also shows that it is possible to do a little better, allowing the 
type of an updated method to be specialized to a subtype, by using the standard 
subtyping relation, together with width subtyping which is useful to type self- 
inflicted method update. 

2 The Calculus of Prototypes 

The calculus of prototypes introduced by Fisher, Honsell and Mitchell in m is 
a A-calculus extended with constructions for building prototypes from the empty 
one, namely prototype extension, denoted {P = Q), and method update 
{P I = Q). There is also an operation of method invocation, written P 
In jEj the notation (P e-o £ = Q) is introduced, to mean either {P eT £ = Q) or 
{P ^ £ = Q). Then the evaluation of prototypes mainly consists in the following 
transition: 



There are actually several possible ways to define the evaluation mechanism for 
prototypes. In HH an auxiliary operation is used, which is a combination of 
method extraction and self-application. Moreover, in that paper no distinction 
is made between the two ways of building prototypes, and {P -^ £ = Q) stands 
for prototype extension as well as method update - or override. Since from the 
operational point of view our translation mimics the prototypes exactly as they 
are described in (d, we adopt the syntax of this paper. We assume given a 
denumerable set X of variables, and a denumerable set /C, disjoint from X, of 
keys, or labels, used as method names. We use x, y, z . . . and £, k to range over 
X and /C respectively. The grammar for terms is as follows: 



As usual {£i = Pi,... ,£n = Pn) denotes ((() ^ £\ = P\) ■ ■ ■ •<—£„ = P„). 
The meaning of the auxiliary operation S{P,£,Q) is that it extracts from the 
prototype P the method of name £ and applies it to Q. Due to space limitations, 
we cannot give the rules for evaluation. We denote by eval(P) the (unique) value 
of P, if any. 

There are several versions of the type system for the calculus of prototypes. 
The system presented in H5| is essentially the one of m enriched with a form of 
subtyping. Here we use a simplified version of the system given in Fisher’s thesis 
m- The simplifications are as follows: we adopt the system of Chapter 3 of cni, 
which does not involve variance annotation nor existential quantification, with 
a restriction on the assumptions regarding row variables given below. Moreover, 
we do not take subsumption into account in the simplified system (this will be 



{P<-e£ = Q)<^£ — ^ Q(P<-e£ = Q) 



P,Q... ■.■.= X \ W \ {PQ) 



X-calculus 
method invocation 
subsidiary operation 
values 

empty prototype 
prototype extension/update 



I 

I S(P,£,Q) 



W XxP I O 

O 0 

I {p^i = Q) 
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dealt with in a next section) . Then the typing system we consider here is defined 
as follows. The grammar of kinds, types and rows is 



kind 


T 


1 « 






K 


::= M 


1 T M 


where M = {£ 1 , . 


..,£„} 


T 


£ 1 


(n 7 - 2 ) [pro t.p 







p ::= r I [] I [p, £ : r] | (At.p) | (pr) 

The kind T is that of well- formed types (the only constraint is on prot.p). The 
kind {£i, . . . ,£„} is that of a row which does not contain the keys £i, . . . 

The typing contexts are 

r ::= 0 I r,x: T I r,t::T \ F,r <:„ p 

Notice that an assumption about a row variable r only involves the “width 
subtyping” relation <:w Moreover, in Fisher’s thesis, there is a kind annotation, 
that is the assumption is r <'.w P-'- k', here we omit this annotation since in our 
simplified system this k is always T — >• 0. The type judgements are 

r \- * well-formed context T h p <;„ p' subrow 

r \- T ::T type is well-formed F \- P: r term has type 

F \- p-.: K row has kind 

For lack of space, we omit most of the rules of the system, which are quite 
standard. For instance the only interesting rule for well-formedness of types is 

r, t:: T h p:: M 

F h prot.p :: T 

The interesting rules for typing terms are: 

FhP:prot.p , r, t:: T h p <:„[£: t] 

(empty pro) (pro <=) 

rh():prot.[] r hP4=£: [prof. p/i]r 

where [£•. r] denotes [[],£: r], 

F \- P : pro t.p 
F,t::Tk p::{£} 

F,r <:^ At.[p,£: r] h Q : [prot.(rt)/t]{t t) 

r ^ fv(r) (pro ext) 

r h (P •<— £ = Q) : pro t. [p, £ : r] 

and 

P h P : pro t.p 

P, t:: T h p <:„ [£ : r] 

F ,r <:^ Af.pl- Q: [pro t.(rt) /t](t ^ t) 

r ^ fv(r) (pro over) 

F \- (P ■(— £ = Q) : pro t.p 

(there is also a rule for the subsidiary operation). As we said, there are two 
distinct rules for typing the construction {P -(^ £ = Q). In the first one, the 
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premise , i :: T h p :: {£} indicates that in the prototype P there is no method 
named t, and then this rule allows to type a true extension. On the other hand, 
the premise P , tv. P \- p <-.yj [^:r] says that a method with name t is already 
provided by P, with result type r. Then one may override this method, with 
another one having the same result type. We refer to Ii:ill4l for examples of 
typing. 



3 Encoding Prototypes with Extensible Records 



As a target for our encoding of prototypes, we use a A-calculus enriched with 
extensible records. We also find it convenient to use an explicit fixpoint construct. 
The syntax of the calculus is as follows: 



M, N... 



V 

R 



X \ V \ {MN) 

£\xx.M 

(M.i) 

XxM I R 

D 

[MJ = N] 



A-calculus 
Expoint 
Eeld selection 
values 

empty record 
record extension 



where xGX and £ G /C. For ease of readability, one quite often writes {XxM) for 
XxM, and MN for {MN), and similarly M.l for {M.£). We denote the record 
[• • • [[],£i = Ml] • • •£„ = M„] by [£i = Mi, ...,£„ = M„]. Again, due to space 
limitations, we do not give the rules for evaluation. Let us just say that for 
extensible records we have 

\M,£ = N].£ N 

[M,k^ N].£^ M.l k^l 



We denote by eval(M) the unique value of M, if any. Now we turn to the in- 
terpretation of the calculus of prototypes. To represent a prototype, say for 
instance {£i = Pi, ...,£„ = P„), where the Pi's are functions of the prototype 
itself (usually in the form of a self parameter), we shall use a function returning 
a record 



G = Aself [£i = Ml self , ...,£„ = M„self] 

This is an “object definition” in Cook’s model (see imi), also called “object 
generator” (see |2ld| 1 . As we said in the introduction, in our interpretation of 
a prototype, we separate the two usages we have of it, namely invocation and 
inheritance. This idea of separating the usages of an object is embodied in the 
“split-method” of EE3, but we cannot use this specific approach here because 
the set of methods of a prototype is not fixed once for all. To give our translation, 
let us introduce a notation: we define 

proto =def fixp.Az.[ inht = « , invk = z{pz) ] 

Then the translation |.] from the A-calculus of prototypes to the A-calculus of 
extensible records is given by - omitting the part of the translation that regards 
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the A-calculus, which is trivial: 

10] = proto(Aself []) 

|(P = Q)] = proto(A self [[Pf.inht self, £ = [Q] self]) 

|P^f] = [P].invk.£ 

[S(P,f,Q)] = ([P].inht lQj)I 



In the translation we obviously assume that the name self is not free in the 
source terms. To shorten the notation, we shall replace self by the ordinary A- 
variable x in the sequel. As one can see, our interpretation is very close to Cook’s 
model, separating objects from object generators, with inheritance acting on the 
generators; in particular, extending and updating a prototype are operationally 
the same. There is a difference with Cook’s model, however, since prototypes 
feature runtime extension. A first result we can prove about our translation is 
its operational soundness: 

Proposition (Computational Adequacy) 0.1. A prototype P has a value if 
and only if its translation has a value. More precisely, eval(|P|) = eval(|eval(P)]). 



4 Deriving the Typing Rules 

In this section we show how to derive the typing rules for prototypes. We first 
introduce a type system T for our A-calculus with extensible records. This system 
features arrow types and extensible record types - also called row expressions, 
following 1221 as well as recursive types, types depending on types m and 
a limited form of bounded universal quantification Moreover, we will only 
allow types which are well- formed with respect to a system of kinds. There are 
two basic kinds, □, the kind of record types, and O, the kind of types. Since we 
also have type operators, the syntax of kinds and types is the following: 

□ I O I (k, — >• k) 

r, a... t \ (r ^ a) | [] | [a,£-.T] \ \ (AC.r) | (rcr) | (Vf < r.cr) 

For instance O — f □ is the kind of interfaces, that is functions from types to 
records. In (V< < t.ct), the variable t is bound in cr, but not in r (hence we do 
not have A-bounded polymorphism). Dependent types are used as prototype’s 
interface (see [1411 Hj l. which typically are of the form Af^.[£i : n, . . . , : r„]. 

Bounded quantification is used to model the fact that such an interface may be 
extended. 

The preorder in (Vt < r.cr) is width subtyping (of rows, not records), as this 
is precisely the notion of subtyping one needs in order to derive the typing of 
method specialization (see the comments at the end of this section). We use 
the notation < since our axiomatization of this preorder makes it slightly more 
generous than <:„, of For instance we have [£: t',£: t] < [£■ t], but the first 
of these record types is not even well-formed in Fisher’s system. In our setting, 
we allow a row [[cr, t\ to be well-formed, and this will simplify the type 
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system, but the reader should notice that this is a (width) subtype of [cr, I : r'] 
only if t' = r. The typing contexts of T are as follows: 

r ■■■■= % I r,x: T I r,t < T \ k 

and the type judgements are F \- *, F \- t :: n, F \- t < a, F \- M •. t, with the 
same meaning as above, plus T h r <: cr. In the type system we use a notion of 
type equality, which is the Pii-conversion, denoted =0^- This is the congruence 
generated by the laws: 



{{AF.a)T) =, 3 m [r/tlcr 
=/3m 



All the rules of the system, for well-formedness of contexts, binding of types, 
sub typing judgements F \- t < a and for typing terms, collected in the appen- 
dices, are fairly standard (except perhaps for what regards width subtyping of 
rows). More precisely, system T consists in the rules collected in the first three 
appendices. Let us comment on some of the rules: regarding the subtyping of 
rows, F \- a <[£: t] F \- [a, £: t] < a expresses the fact that if we know 
that a row cr contains an £ field with type t, then extending it with £ : r actually 
does not modify it. This rule will be used for typing method update. One should 
remark that, although in T we have the usual subsumption rule this is of limi- 
ted use, since the only way to infer T h t <: ct in T is by means of the rule 
Tl-T<cr F h T <: a. That is, in T we only have “width subsumption”. 
One should also observe that we have no subtyping rule for bounded quantifica- 
tion. However, using the rules of instanciation, subsumption and generalization, 
one can achieve the same effect. That is, the following inference is valid: 



F h M : (Vt < T.a) , F h t' <1 t , F h a <i a' 
Fh M: (Vt<r'.a') 



(*) 



To see how the typing rules for prototypes are mimicked in our system, let us 
first give some valid inferences. To this end, we introduce some notations. Let 
us define: 



<5 — def O — > □ 

7 =def (O -> □) ^ □ 

7T =def pp^.As'^./io°.[inht: (Vs' < s.ps' —>■ s(ps')) , invk: so] 
c =def At^.(Vs' < t.TVs' -s- t(7Ts')) 

It is easy to see that, for any a: 

(7Ta) =/3m [inht: (<Jcr) , invk: a{7Ta)] 
and therefore the following rule is admissible: 

FhG: ((Jo) 

F h (proto G) : (tto) 



( 1 ) 

(2) 



This holds in particular whenever G = Aself[fi = Mi self,... , = M„self] 

is an object generator, which has type .p) where p = [£i : ti, . . . , : r„], 
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using the assumption that self has type (tts') with constraint s' < (At^.p), and 
that the Mi's have type t — >• n. In this case the type of (proto G) is 

Tr(At^.p) =0^ [ inht : (Vs' < cr.TTs' /t]p) , invk : [Ttcr jt]p] with cr = t\t^ .p 



One can see that invk is a record of type [£i : t(, . . . , : r(j], thus exhibiting only 

the method names that are actually available in the prototype, while inht is a 
function that takes arguments of type ttct' with <j' < cr, that is any possible 
extension to the original prototype, and returns the record of methods “spe- 
cialized” to this extension. Another admissible rule, derived using the law (1), 
is: 



ri-M: (7TO-) , ri-cr< AG.[f:T] 



r h M.invk.f : [TTcr 



(3) 



Again using (1), one can check that for G = Ax[M.inhtx,^ = Nx] the following 
is a valid inference: 



r\- M-. (ttct) , rh cr' < cr , r h A : (Vs < a'. ns [7Ts/f]r) 



ri-G: (Vs < cr'.TTS [cr(7Ts),£: [7Ts/f]r]) 

Now if we try to exploit the rule (2), to build a prototype out of G, we have 
to find a way to replace [a{TVs),£: by cr'(Trs). An obvious solution is 

cr' = At^ .[at,£: r], since then [a{TVs),i: [ns/t]T] a' {ns), and this gives us 
another admissible rule: 

ri-M: (TTcr), n- AG.[o-t,£: r] < cr, T h A : (Vs < AG.[crt, f : r].7Ts [TT s/^Jt) 

7 (4) 

r h (proto Aa;[M.inht x,i = Nx]) : n{At'^ .[at, £ : r]) 

There is another possibility, however, which is cr' = ct and cr < At^ .[£•. r] , since 
in this case the following inference is valid: 

A h cr < AG.[f : t] 



r h [cr(7Ts),£: [7rs/f]r] < a{ns) 



r h TTS ->• [cr(7Ts),f : [7Ts/t]r] < TTs ->• a{ns) 



Using the inference (*) above, this gives us the following admissible rule: 
r^M-.{no) , n- cr < At^.[£: r] , T h A : (Vs < fr.TTs [TTs/^Jr) 

r h (proto Ax[M.inht x,l = Nx ]) : (na) 



(5) 



Now the translation from the simplified version of Fisher’s system sketched in 
Sect. 2 to our type system should be clear. As far as types are concerned, it is 
given by 

[prot.p] = 7r(AG.|p]) 

(the rest is trivial, e.g. |At.p] = At^.|p]). Regarding the kinds, we let |M] = □ 
and |T] = <>• Translating the contexts in the obvious way (where r <:^j p is 
translated into r < |p]), we have: 
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Theorem. If r h M : r can be inferred in the type system for prototypes, 
then |T] h |M] : |r] can be proved in the type system T for the X-calculus with 
extensible records. 

The derived inferences (2) to (5) allow us to retrieve the rules {empty pro), 
{pro <;=), {pro ext) and {pro over) respectively, with a = At^.|p] in the last 
three cases. One should notice that the only use of subsumption we made is 
in deriving the rule {pro over), via the inference (t^). One should also observe 
that our inference (4) is actually slightly more general than the corresponding 
rule {pro ext), since for the premise T h tr < At^ .[at,£: t] to be valid with 
a = At^.|p] there may actually be two cases: either p does not contain the field 
i, in which case we are typing a true extension, as in the rule {pro ext), or p 
does contain the field £, but then it must be, thanks to the axiomatization of 
<, of type r, and this is actually a particular case of inference (5). Remark that 
in the latter the premise regarding N is stronger (a bounded quantification is 
contravariant in the bound) than in (4), and this is needed to type self-inflicted 
update, as in the standard “movable point” object - see m- 

Our result is a completeness result similar to the one obtained by Abadi 
& al. in |3|. Its converse does not hold, for some interesting reasons: there is a 
slight difference in the modelling of prototypes between Fisher-Honsell-Mitchell’s 
calculus and our encoding - or Cardelli’s and Cook’s [T^ models, for that 
matter -, which is that the underlying record representing the prototype is, in 
the former, a record of pre-methods, which are functions of self, while it is a 
record of methods, where the self parameter is free, in the latter. In other word, 
the self parameter is “late bound” in the recursive record or generator model, 
while it is bound earlier - that is, before extension - in Fisher-Honsell-Mitchell’s 
prototypes. Then for instance the prototype 

((() ■4— A: = Aself (seif.f)) ■<— f = A self (seif.f)) 

is not typable in Fisher-Honsell-Mitchell’s type system (see m for a similar 
example), while its translation is typable in our system. In fact, this prototype 
has “semantically” (modulo permutation of fields of different names in a record) 
the same translation as 

(((} <— £ = A self (seif.f)) <— k = A self (seif.f)) 

because both are represented by the “same” generator, and the latter is typable 
in Fisher-Honsell-Mitchell’s calculus. 

Finally, one may notice that, when we specialize the inferences (3), (4) and (5) 
with cr = Af^.|p], where p is supposed to be of record kind, we could reformulate 
these inferences using a preorder introduced by Bruce in and now called 
matching, denoted <^, which may be defined as follows: 

r , t:-. 0\- p:\ a , ri-p<p' 
r h prot.p prot.p' 

Then the reformulated admissible rules would be nothing else than the rules 
recently proposed for Fisher-Honsell-Mitchell’s calculus of prototypes by Bono 
and Bugliesi in 0. As shown by Bruce in 0, matching is precisely the kind of 
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subtyping we need in typing the operations of extension and update on proto- 
types (though the paper actually deals with classes). This explains why we 
need, at the lower level of records, to use width subtyping. 

5 Objects and Subtyping 

As we said, our type system T for the A-calculus of extensible records only 
makes use of a particular form of subtyping. It has been remarked by Fisher and 
Mitchell in (Oj that adding the subsumption rule in the typing of prototypes, 
one actually does not gain anything, since “in pure delegation based languages, 
no subtyping is possible^\ This is easy to explain looking at our translation: one 
easily sees that ^ is invariant in its type parameter (the bound r in Vt < r.a is 
in a contravariant position), and therefore tt is invariant too. For this reason we 
cannot deal with the preorder proposed by Bono and Liquori ^ for the calculus 
of prototypes, nor with the width subtyping of prototypes of fixed size as it is 
done by Abadi and Cardelli in j^, at least if we stick to the translation given 
here - it might be possible to combine it with the translation of PEa, allowing 
their “assembled” objects to be part of the syntax, but this looks a bit ad hoc. 

In a subsequent paper ca, Fisher and Mitchell enriched their calculus by 
distinguishing, at the level of types, prototypes from objects, which are “sealed 
prototypes”. The distinction is that objects feature only method invocation, 
but no extension or update. Then a new type construct obj t.p is introduced 
together with three new rules, which are essentially the following, where the 
typing contexts are enriched with new constraints t <: t: 

r , t <■. t' \- p <: p' r , t <■. t' \- p <\ p' 

r h prot.p <: obj t' .p' F h obj t.p <: obj t' .p' 

F h P : obj t.p , F , t : T h p <:„ [£ : r] 

F h F : [obj t.p/t\T 

Now consider our typing system 'T enriched with subtyping. That is, we introduce 
an extension, called 7<:, of T in which we have a new kind of contexts, namely 
r,t <: T, and new rules for inferring the judgements F h r <: cr - the rules are 
given in the fourth appendix. If we let 

|obj t.p] = CJ(At^.p) where =def As'*. po° .[ invk : so] 



then it is easy to see, using the standard rule for subtyping recursive types, that 
the three rules above can be derived in our system with subtyping. Notice that 
|obj t.p] /it^. [invk: p] and therefore this is essentially what Bruce & al. |Zj 

call the “classical recursive record encoding” (see also § 6.3), which is the 
natural typing of Cardelli’s recursive records |S| . 

Regarding the full type system with subtyping 7<: for our A-calculus with 
extensible records, our main result is type safety. Indeed, we can prove the 
subject reduction property: 



158 



G. Boudol and S. Dal-Zilio 



Theorem (Subject Reduction). If r \- M:t is provable in T<-, and M 
M' then F M : t' is provable in 7 <:. 

Our proof, which, not surprisingly, is quite long and technical, differs from Com- 
pagnoni’s one El; in particular, since we have recursive types, we cannot rely 
on a strong normalization result. However, since we have no subtyping rule for 
bounded quantification, we can make a direct proof, analysing the typing of a 
compound term in typings of its components. 

It is possible to exploit subsumption to gain another typing rule for method 
update, where the type of the method is specialized to a subtype (this is valid in 
Cook’s system, as observed in El). To this end one would use a more standard 
bounded quantification (Vt <: r.a), and then the derived inference (4) could be 
generalized to one involving the premiss F h .[at, £: r] <: cr (a similar remark 
is made by Bruce in |^). To type “self-inflicted” method update however, we 
still need width subtyping <. One may regard this improved system as the right 
one to adopt for typing prototypes. 
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Appendix 1: Well-Formedness of Contexts and Kinding 

ri-T::0 Th* ri-T-.-.K 

0^* (t) (t) (t) 

r , X : T h * r , t :: K h * F , t < r h * 

Pha-.-.D Fh* rhrr.K 

t\: K £ F t <t T £ F 

F\-a::<y F \~ t :: K F\-t::K 

F T :: O , F a :: F \~ * F a :: a , F t :: C 

r \- {t ^ a) O r !-[]::□ F \~ [a,£: t]:: D 

F , t k\- T K F , t :: It \- T :: X 

(t) (t) 

F \- {pF . t) K F \- {AC .t) :: K ^ X 



r \- T :: X ^ T r \- a :: X F , t < t \~ a :: O 

(t) 

r h (ra) :: K F h (Vt < r.cr) :: O 

(t) X 0 dom(r), (t) t ^ fv(F) 

Appendix 2: Width Subtyping 

r \- T, a :: K F\-T<. 9 ,r\- 6 <ta F \~ * 

T = 13^1 o t <T € F 

F \- r <l <j F \- T < (J F \- t < T 

F T < a F T, a :: C> , F t' < T , F a < a' F|-CT::n 

F \- r <: a >(t' Fl-cr<[] 



F \- a < <j' , F \- <j :: a,T :: O 

r' =f3^ T 

r \- t] < \a' ,£•. t'] 



F \- a <[£: t\ 
F \- t] < o 
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-T h CT □ , _r h r, r' :: O 

k ^ i 

r \- [\a,k-. T'],t\ t] < T],k-. t'] 



r , t :: K \- T < a F \~ {to) :: k , F \~ t < t' 

t ^ fv(r) 

F h {AF.t) < (Ar.cr) F h (rcr) < (r'cr) 



Appendix 3: Typing 

7 ^|-* F , X T \- M : a F\-M:r^a,F\-N'. r 

x: T G F 

F\~x:t F \- \xM : t ^ a F\-{MN):a 



F,x:t\- M:t F\- M:[£:t] F \- R: a , F \- M : t 

F h f\xx.M : T F \- MI : t F \- \R,i = M]-.[g,1-. t] 



r \- * F \- t' < T , F \- M : (yt < T.a) F , t <t\~ M : a 

Th[]:[] FGM:[T'/ty F G M : (yt < T.a) 



F\- M-.t , F\- r <:a F \~ M : t , F, F' \~ * 

F\- M: a F , F' M : t 



Appendix 4: Subtyping 

F \- T :: K F \- T :: K F \~ * 

t 0 fv(r) t <: T G F t <: T G F 

F G t:: K F G t <: t 



FG T <-.e , FG e <: a F G r,a O , F G t' <: t , F G a <: a' 

F G T <■. a F G T ^ a <: t' ^ a' 



F G a :: D,T :: O , F G a <: a' , F G t <: t' 
F G [a,l: t] <: [cr', £ : t'\ 



F , t <'■ s G T <■. a , _r , 1 :: K h r :: K , F,s\:KGa::K 

t ^ s 

F G <: fj.s'^.a 



T,t::K|-r<:CT 
FG (AF.t) <: (AF.a) 



F G (ra) :: k , F G t <: t' 
F G (ra) <: (Fa) 
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Abstract. This original method for specifying and checking the se- 
quences of events taking place in process scheduling brings the classical 
syntax-directed approach of compilation to this new area. The formal 
language of scheduling events cannot be specified by BNF grammars, but 
we use instead the Augmented BNF grammars, which combine breadth- 
first and depth- first derivations. Their recognizers feature one or more 
FIFO or LIFO tapes. The basic scheduling policies are covered: FCFS, 
time-slicing, mutex. Combined policies, such as readers/ writers and back- 
ground/foreground, are obtainable by composition. Constraints on the 
minimum number of data structures (i.e. queues) for priority scheduling 
policies may be proved by using a pumping lemma. The construction of 
schedule checkers is presented in the form of augmented LL(1) parsers. 
For scheduling algorithms, such as shortest job first, which depend on 
parameters and in particular on time, a syntax-directed approach is pro- 
posed, which adds semantic attributes and functions to the underlying 
augmented BNF grammar. 



1 Introduction 

This work presents a new syntax-directed approach for specifying and imple- 
menting schedulers, based on grammars. Scheduling, a ubiquitous operation of 
computers, consists in ordering incoming service requests according to some po- 
licy (such as First Come First Served, Round- Robin, or Shortest Job First), 
producing a totally ordered sequence called a schedule. By considering requests 
and services (to be named events) as symbols of an alphabet, a schedule is a 
string of events. The sets of schedules for a given policy can then be viewed as a 
formal language. One can thus consider the scheduling language associated to a 
given policy. We propose to specify scheduling languages by multi- stack-queue 
grammars, a family of grammars and related automata using both stacks and 
queues as their storage [1] [2] [3] [4] [5], much as programming languages are 
defined by BNF grammars. 

Motivation for this investigation: syntax-directed methods and accompany- 
ing parsing techniques have been extremely successful for specifying languages 
and designing their processors. It would be desirable to apply similar techniques 
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to the specification of scheduling algorithms used in operating systems, commu- 
nication/peripheral drivers, protocols, graphic user interfaces, etc. Among the 
potential benefits we foresee: more rigorous description of scheduling algorithms 
than currently found in the literature; a reduced effort for implementing ex- 
perimental scheduling algorithms as parsers, starting from their grammars; the 
possibility to add various functionalities, e.g. tracing, to scheduling algorithms in 
a syntax-directed manner. Returning to the technical problem, it is well-known 
that BNF grammars fall short of the capacity needed to generate the simplest 
scheduling languages. Intuitively this inadequacy is caused by the fact that BNF 
based recognizers, the push-down automata, make use of LIFO storage, whereas 
scheduling algorithms typically require one or more FIFO queues. The use of 
queues in abstract computing devices has been investigated by theoreticians: it 
suffices to mention the queue automaton (called Post machine in [12]), the work 
by Brandenburg on multi-queue machines [1], and by Citrini et alii on real- 
time queue machines [6] . Recently our language theory group introduced a new 
family of grammars [2] [3] [5], involving queues and stacks, called Augmented 
BNF (ABNF), which preserve the important features of BNF grammars, that 
are essential for practical usability. Since such grammars are schemata involving 
queues and stacks, the same data structures engineers use when they describe the 
scheduling policies by other notations, we performed the present investigation 
in order to assess their suitability for modeling schedules. 

We considered the elementary scheduling algorithms found in operating sy- 
stems (e.g. [11] and [13]), and succeeded in specifying by formal grammars all 
the policies that do not involve the computation of process parameters. For the 
latter policies (e.g. Shortest Job First) we propose a syntax-directed approach 
that views process parameters as semantic attributes. Grammars for less ele- 
mentary cases, such as Readers- Writers, can be constructed by a combinational 
approach, using the basic grammars as building blocks and applying language 
transformations. We believe the relationships thus discovered shed a new light 
on the interdependencies between scheduling policies. 

Section 2 introduces ABNF grammars and their recognizers (in [2] [3] [5] the 
formal definitions and essential properties of ABNF grammars and languages 
can be found), and presents the grammars for elementary algorithms. Section 3 
covers more complex scheduling algorithms and highlights the syntactical relati- 
ons between scheduling policies. Section 4 shows a formal result on the minimum 
number of queues necessary for a given scheduling language. Section 5 shows a 
syntax directed schedule checker built as a deterministic parser, and discusses 
the parsing problem. The Conclusion 6 discusses limits and applicability of the 
proposal, and raises some theoretical questions. 

2 ABNF Grammars of Basic Schedulers 

We recall some elementary properties of context-free grammars as the base for 
the analogy that defines the new grammars to be used. Consider a familiar BNF 
grammar G = (V, A, P,S) as defined e.g. in [4]. Without loss of generality the 
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productions of P can be assumed to be in one of the following forms: 

A — >■ &A1A2 . . . Afc and fc > 0 

where 6 is a (possibly null) symbol from the terminal alphabet S and A^ is in 
the nonterminal alphabet V. If b is missing and k = 0 the production becomes 
A — >■ e, with e the empty string. 

The language generated by G, L(G), is the set of terminal strings derived from 
the axiom S by repetitive application of the productions. Gonsidering now the 
recognizer of L(G), a production can be interpreted as the following instruction 
of a pushdown automaton: 

if the next input char is ’b’ and the top symbol of the LIFO tape is ’A’ then 
advance the input head; 
erase ’A’; 

write ’Ai A2 . . . A^.’ onto the LIFO tape. 

Note that if b is missing from the production, the instruction does not check or 
affect the input tape. By applying such instructions to a given string x, starting 
with the axiom S as the tape contents, the string is accepted if the tape is 
empty when the whole string has been scanned. Notice that this recognizer is 
in general nondeterministic, accepts by empty tape and does not have a control 
unit, meaning that it does not make use of internal states. 

The new Augmented BNF grammars are a family including the BNF type 
since they use more general data-structures. Each type of grammar inside the 
family is characterized by the organization (called disposition) of its memory 
tape. As we know the BNF disposition is a LIFO tape, i.e. a push-down Stack 
(shortened S). But the disposition can be a FIFO tape, i.e. a Queue (shortened 
Q), or in general any finite sequence of Q’s and S’s. 

Gonsider now an ABNF grammar with disposition equal to Q, in short a 
Q-grammar. Its productions are written as 

A — >• 6(AiA 2 . . . Afc)g and A: > 0 

to make explicit that the tape is a queue. Similarly, a usual BNF production is 
now written 

A — >■ 6(AiA 2 . . . Afc)s 

The recognizer associated to a Q-grammar is a queue automaton with the fol- 
lowing instruction corresponding to the previous production (as before b can be 
missing from the production): 

if the next input char is ’6’ and the queue head symbol is ’A’ then 
advance the input head; 
erase ’A’ from the queue head; 
write ’A1A2 . . . Afc’ into the queue (FIFO) tail. 

Figure 1 shows the recognizers for a S-grammar and a Q-grammar. The in- 
struction above, combined with the acceptance condition by empty tape, gives 
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a precise operational semantics to Q-productions, but we need to consider how 
such productions can generate a language. This will be gradually explained in 
the next section, as we move into scheduling languages and their grammars. 
Formal definitions are in [4] . 

3 Grammars of Elementary Scheduling Languages 

We show that the languages of the simplest scheduling disciplines are formally 
generated by ABNF grammars, with one queue. Then for convenience we intro- 
duce also a stack and explain how the stack and queue interact in the ABNF 
model. For such simple cases, semantic attributes and functions are not nee- 
ded. The detailed examples are also intended to familiarize the reader with the 
unusual features of breadth- and depth-first derivations of ABNF grammars. 



3.1 First Come First Served 

The simplest kind of scheduler (e.g. in [13]) enforces the FCFS discipline. First 
we introduce the classes of events to be scheduled. 

Arrival: We denote by a symbol in {a, 6, . . .} the arrival of a client requesting a 
service: distinct letters denote different types of requests. 

Service: We denote by a symbol in {a", 6", . . .} the execution of the requested 
service. Execution is assumed to be atomic. In later developments other classes 
of events will be introduced, for modeling non-atomic services. 

Therefore the terminal alphabet is A = {a, 6, ... , a", b” , . . .}. In FCFS scheduling 
clients are serviced in order of arrival, as illustrated in Figure 5. 

In all our examples modeling is based on a non-blocking approach for the 
services given to the processes; for instance the string aba''ab" is not considered a 
valid FCFS schedule because the second request of service a is not satisfied. This 
is not a restriction (the language with a blocking policy is obviously a prefix of the 
language with a non-blocking one) . The language of FCFS schedules is generated 
by the following Q~grammar, with nonterminal alphabet and 

axiom S, called Gq: 

1. S — >■ {SS)q 4. S — >■ e —short for S — >■ (e)q 

2. S ^ a(SA")q 5. A" ^ a"(S)q 

3. S^6(SB")q 6. B" ^ 6"(S)q 

Next we introduce the concept of string derivation. It is important to say that 
only leftmost derivations are considered (i.e. the leftmost nonterminal has to be 
rewritten at each step). Figure 2 depicts the derivation tree corresponding to the 
derivation: 

S ^ (SS)q ^ a(SSA")q ^ a6(SA"SB")q ^ a&(A"SB")q ^ a6o"(SB"S)q ^ 
^ a6a"a(B"SSA")q ^ a6a"a6"(SSA"S)q ^ a6a"a6"(SA"S)q 

aba" ab" {A" S) Q aba" ab" a" (SS )q aba" ab" a" (S) q aba"ab"a" 
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summarized by: S aba” ab” a” . 

It is easy to check that the language generated LpcFS = L(Gq) is the set of event 
sequences associated to the FCFS policy. Notice that production (2) models an 
arrival of request a; the corresponding move of the automaton enqueues the 
nonterminal A”, as a prediction that a service a” will come. By way of the 
breadth-first order of derivation, the enqueued predictions will be serviced in 
FCFS order, as required. 

The language LFCFS is also known as AntiDyck [5], owing its name to the 
fact that it is in some sense the antinomy of the Dyck language (the set of well- 
parenthesized strings), since the pairs {a, a”) and (&, 6") are never well-nested 
inside each other. 

3.2 Separate Generation of Arrivals 

In the previous grammar generation of arrivals is performed by production (1), 
that inserts one or more S’s into the queue, and by (2), that generates the 
terminal a (or b). This simple solution results in non-deterministic behaviour, 
that we wish to avoid (more of that in sect. 4). Therefore we prefer another 
solution that separates generation of arrivals from their processing, by using a 
superior class of ABNF grammars. 

As we mentioned such grammars are classified by their disposition, a string in 
(Q, S)“*', that specifies the ordering of queues and stacks used in the memory tape. 
The disposition SQ is shown in Figure 3 along with the effect of a production. 

The stack will be used as a finite-state device to generate arrivals, an approach 
that will be applied consistently to all schedules. In more advanced schedulers 
the stack will also be used for storing the state of the server (busy, etc.). CpcFS ^ 

1 . S^a{SS)s{A”)Q 

2. S ^ 6(S)s(B")q 

3. S — >■ e —short form for S — >■ (e)s(e)Q 

4. A" ^ a"(S)s -short form for A" ^ (S)s(e)q 

5. B" ^ &"(S)s -short form for A" ^ (S)s(e)q 

Generation proceeds as follows. The nonterminal S generates a string of arrivals 
and stores the corresponding service requests as a string of A” or B” in the 
queue. Then S disappears, using (2), and the first nonterminal, say B”, is taken 
from the queue, which by production (4) generates the event b” and recreates S 
into the stack. From there the same process is iterated. The derivation of aba”b” 
is shown in Figure 4. Notice that the symbols in the queue cannot be rewritten 
until the stack is empty. 

3.3 Round-Robin or Time-Slicing 

In the RR policy each process of type a consumes a series of quanta (in particular 
GPU bursts) of service, denoted by a,. The arrival of a client, i.e. a job request, 
is denoted by {a, b, . . .}; therefore the process associated to client a is specified 
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by the regular expression a{aq)'^ . Service is provided to clients in order of arrival, 
with quanta assigned in turn to all waiting processes, as exemplified in Figure 
5. Here process a consumes three quanta and process b two quanta, but other 
occurrences of say a could take different numbers of quanta. Notice that here 
too several arrivals can occur in a row. 

The grammar can be obtained from Gfcfs by small changes: the nontermi- 
nals A and B in the queue denote pending requests that will generate one or 
more quanta, when they advance to the stack, changing into a nonterminal S 
(productions 4 and 3). Grr : 

1. S^a(5)s(A)Q 

2. S^6(S)s(B)q 

3. S^e 

4. A — >■ aq(S)s(A)q 

A derivation is: 

S o(S)s(A)q o(A)q aa,(S)s(A)Q aaq6(S)s(AB)q 

^ aOg&(AB)q ^ aOg&ag(BA)q ^ aaq6aq6,(S)s(A)q ^ aaqbaqbq{A)Q ^ 
aaqbaqbqaq{S)s ^ aaqbaqbqaq 

Actually one could also write a one queue grammar, but the SQ grammar is to 
be preferred for the reasons stated above. 

3.4 Other Scheduling Disciplines 

Several other scheduling languages can be generated by means of multi-stack- 
queue grammars. Here we give only a short account thereof. 

Service duration and mutual exclusion: Widespread mutual exclusion policies 
prevent two or more clients from simultaneously accessing the same resource. 
This constraint is only meaningful if services lasts a time interval, between the 
start and end events. Here we study the basic mutex case, and in later sections 
we study the readers/ writers discipline. The events occurring in a mutex problem 
are: 



5. B ^ 6g(S)s(B)q 

6. A aq(S)s 

7. B^6,(S)s 



Or , : 


client a, b, 


tts, bs : 


client a, b, 


1 b^ . 


client a, b, 



. . . requests service 
. . . starts service 
. . . ends service 



Mutex schedules are exemplified in Figure 5. Of course any number of requests 
may arrive at any time. A grammar with disposition SQ exists that generates 
this language [4]. 

Cascaded services of decreasing priority: In this priority discipline a client a 
needs two cascaded services, denoted by a' and a" , with the stipulation that the 
second is less urgent than the first service of any other client. Apart from that. 
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services are handled in FCFS order. Such schedules as the one shown in Figure 
5 are generated by the following grammar with disposition QQ [4]. 



1 . S^a{SS)Q{e)Q 

2. S^a(SA')q(A")Q 

3. S ^ &(SB')q(B")q 

4. S^e 



5. A' a'(S)q(e)Q 

6. A" ^ a"(S)q(e)q 

7. B' ^ &'(S)q(e)q 

8. B" ^ 6"(S)q(e)q 



Static priorities: The classical priority discipline for n > 2 priority levels involves 
n classes of clients, ordered by decreasing priority. A client a requests a service 
denoted by a". Services are ordered by priority classes and granted in FCFS 
order within the same class. The n-priority schedule language is denoted by 
PRI„. For simplicity we consider two levels: urgent jobs are denoted by {a, b, . . .} 
and background jobs are denoted by {p, q , . . .}. A typical event string in PRI 2 
is shown in Figure 5. 



S^(SS)q - short for S ^ (S)q(e)q S^e 
S ^ a(SA")q A" ^ a"(S)q 



S^p(S)q(P")q 



P"^p"(S)q 



It is immediate to derive the grammar of PRI 2 (see above) from that of Cascaded 
Priorities, by exploiting a formal closure property of the family of ABNF langu- 
ages: for any disposition d (in particular for d = QQ) the family of d-languages is 
closed w.r.t. any alphabetical mapping. This ability to reuse existing specificati- 
ons (and corresponding implementations) is an attractive feature of the proposed 
approach. 

Combined policies: This family of schedulers (called multi-level queues in [13]) 
apply more articulated policies than the ones so far considered. Typical exam- 
ples are: the combination of priorities with preemption, time-slicing, or mutex. 
We refer to such situations as combined scheduling policies, because they put 
together two or more basic disciplines. We only give a list: Preemption; FCFS 
and Round-Robin; Readers/ Writers; and Multi- level feedback queues (or dyna- 
mic priority) . The details of the various constructions are in [3] : they rely upon 
formal closure properties of the multi-stack-queue grammars. 



4 A Formal Result on the Number of Queues 

We formally prove that priority schedules cannot be generated by a one-queue 
ABNF grammar. In the theory of languages, the pumping lemma is the main tool 
for proving that a language is not context-free. Similar lemmas have been proved 
for subfamilies of ABNF languages. We use the version for Q-grammars from [2]. 
A list over an alphabet S is an ordered set of (possibly empty) strings separated 
by semicolons (a special character not in the alphabet): x = x\] X 2 ', ■ ■ . ; Xr, where 
r > 1 is the number of components of the list. The flattening of the list x 
is the string: x = X 1 X 2 ■ ■ ■ Xr- On a pair of lists: x = x\; X 2 ; . ■ .;Xr and y = 
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yi; 7/2; ■ • ■ ; Vs, we define the following two operations. The merge of x and y is the 
list: merge{x, y) = xiyi; X2y2] • • • ; Xryr', Vr+i] ■ ■ - '^ys'^ir < s (and similarly if r > 
s). Since merge is associative, it can be written with any number of arguments. 
The catenation of x and y is the list defined by: x-y = x\] X2', • . • ; Xr', yi; 7/2; • ■ • ; 2 /s- 
Statement 1 (Pumping lemma for Q-languages) Let L be a ABNF language with 
disposition Q. There exist two constants p and q depending only on L, such that 
for every word t of L, with |t| > p, the following properties hold. There exist 
strings u, x, y, w, z, v G S* and corresponding finite lists u, ■ ■ ■ ,v such that: 

t = merge{u,x»merge{y,w,z),v) where jccT/Tczl < q and xyz^e 

merge{u, x • merge{y, x • merge{y, w,z),z),y) G L 

By this statement we prove the following statement. 

Statement 2: The language PRI2 of two priorities services is not a Q-language. 
Proof: PRI2 contains an infinity of words of the form p"a™(a")"*(p")". Then, 
renaming for clarity the terminal symbols, we can extract the language: L = 
and n non — negative integers} C PRl2- It suffices to prove that 
L is not a Q-language. Suppose by contradiction that L is a Q-language, then 
a long enough string can be decomposed as: rnerge{u,x»merge{y,w,z),v), 
with xyz non-empty string. Let r be the number of components of the list 
merge{u,x»merge{y,w,z),v). Consider the first letter of x • rrierge{y,w, 
if it is not a d. Applying r times the pumping lemma we surely construct a 
list t' where a letter different from d follows a d, hence the string t' is not 
in the language. Then let d be the first letter of a: • merge{y,w, z). After the 
first application of the pumping lemma we increase the number of d’s without 
increasing the numbers of a, b, c's, and again we obtain a string not in the 
language. QED 

Since we know that PRI2 is a Q^-language [ 3 ], it follows that 2 -priority 
schedules can be handled by two - but not by one - queue. We are not aware of 
other formal proofs of this intuitively obvious result. 



5 Schedulers as Parsers 

ABNF grammars can be used to implement schedule checkers in the (parsers). 
At present the theory of parsing for ABNF grammars has not reached the same 
maturity as the one for BNF grammars, so that the account we give is based by 
necessity on examples. 

In a computer system concurrent activities are serialized for execution by a 
scheduler. External events causing interrupt signals, as well as internal events 
(e.g. the termination of a program) are the sources of requests for computing 
services. The scheduler, an essential part of any operating system, provides data 
structures for storing the requests, the states of the tasks, as well as the state of 
the computer, and implements the scheduling decisions in accordance with the 
selected policies. Simple schedulers are included in the real-time kernels, small 
system packages widely used for embedded systems. More complex schedulers 




Modeling Operating Systems Schedulers with Multi-Stack-Queue Grammars 169 



have been developed for the larger operating systems. Concurrent programming 
languages, e.g. Ada or Java, include a scheduler in their run-time support. The 
ubiquitous presence of schedulers warrants a more systematic approach for their 
design. Here we indicate that a scheduler is essentially the parser of the corre- 
sponding scheduling language. 

We model a scheduler as an automaton equipped with queues and stacks, 
taking as input the incoming events, and making state transitions in accordance 
with the prescribed discipline, which is specified by a grammar. Performance 
reasons require the automaton to be deterministic. To be more precise, two 
descriptions of a scheduler are possible, as a recognizer or as a transducer. A 
recognizer is the acceptor of a scheduling language, i.e. a schedule checker; this 
stresses the temporal order of events and actions. A transducer defines a map- 
ping from events to actions. A transducer would be a more realistic model than 
a recognizer, since it describes the algorithm for dispatching, suspending and re- 
suming requests; but for simplicity we decided to focus on the recognizer model, 
in agreement with the established approach to study decision problems. 

Next we present the design method of schedule checkers, by adapting a well- 
known parser generation method in use for compilers. We restrict our attention to 
top-down deterministic LL(1) parsing algorithms, because they are more natural 
to consider for ABNF grammars. It is straightforward to extend the notion of 
LL(1) grammar to our case. Recall that a BNF grammar is LL(1) iff there 
do not exist two distinct leftmost derivations: S — >■ . . . uAv — >■ uav —>■... uzv 
and S uAw — >■ uav' uz'v', where A — >■ a\a' are alternative 

productions, such that the first character of zv and of z'v' is the same. The same 
definition applies to ABNF grammars, provided derivations are taken according 
to the ABNF manner. 

For an ABNF grammar with a tape disposition d in (Q,S)“'", the parser can 
be constructed in the same manner, provided the LIFO store is replaced by 
the FIFO and/or LIFO stores required by the disposition. For instance a SQ- 
grammar requires a stack and a queue. We illustrate this approach by implemen- 
ting a LL(1) parser for the language LMUTEX generated by the SQ~grammar 
GMUTEX, which is reproduced together with the Look-ahead sets: 





Productions 


Look-ahead sets 


I 


S ar(S)s(AsAe)q 


{dr} 


2 


S ^ e 


{dsf -L} 


3 


As as(S)s 


{aj 


4 


As ae(S)s 


{Oe} 



Note that the set of production (2) contains the follow set of S — >■ e, i.e. the 
first character that may follow (2) in some derivation tree. This can be: a^, the 
first character generated by As; and T, the end-marker of the event string. The 
grammar is LL(1) since the look-ahead sets of alternatives 1|2 are disjoint. For 
this grammar the computation of the look-ahead sets is straightforward. The 
computation for generic ABNF grammars is beyond the scope of this paper. 
To implement the parser we use recursive descent for the LIFO store and an 
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external queue for the FIFO store. Other implementations would of course be 
possible, including the use of the system queues provided by operating systems 
for remote procedure calls or by the Ada run-time systems for entry calls. The 
queue is provided with three classic methods: head, enqueue, and isQempty. The 
three syntactic procedures and then the main program are listed in Figure 6. 
The parser is deterministic and clearly operates in linear time. The case when 
the original grammar is not deterministic is briefly discussed in [4]. 



6 Conclusion 

We have demonstrated that formal grammars can be used to specify the basic 
scheduling algorithms found in operating systems. The Augmented BNF model 
preserves the spirit of BNF grammars and is only moderately more complex: 
with some practice ABNF grammars can be written and understood almost as 
easily as context-free ones. The proposed method is compositional: compound 
scheduling policies are obtained by composing basic grammars. Descriptional 
complexity is directly related to the complexity of the scheduling policy. 

Grammars are an operational specification that permits to mechanically con- 
struct language recognizers, in our case schedulers or schedule checkers. In [4] we 
give an example of how to construct a parser for scheduling languages, based on 
multi stack-queue grammars extended with semantic attributes. A systematic 
study of ABNF parsing techniques has still to be done, but some results are 
available for specific tape dispositions [7]. 

We have seen that essentially all CPU scheduling policies which are based 
on events can be modeled by purely syntactic specifications. On the other hand, 
time-driven schedulers require the computation of parameters, that can be con- 
veniently handled by semantic attributes. The classical model of attribute gram- 
mars conveniently fits ABNF grammars. We believe this approach can handle 
any reasonable on-line scheduling policy [4]. 

Related work: we know of very little research on specification of schedulers 
(apart from general methods such as algebraic ones). Hemmendinger [10] pro- 
posed to use the intersection of context-free languages for readers/ writers. In an 
early work [2] we specified schedulers by automata theory, using quasi-real-time 
queue automata. Disregarding the presence of stacks, ABNF grammars are a 
restricted kind of queue automata, that are finite-state machines equipped with 
one or more independent FIFO tapes. The ancestor of the queue machines is 
usually considered to be the Post machine (Manna [12]), which is computatio- 
nally equivalent to the Turing machine. More tractable models, subject to the 
real-time constraint, have been later studied by Brandenburg [1] and by Citrini 
et alii [6]. Floyd and Beigel [8] offer a systematic approach to the study of ab- 
stract machines equipped with various data structures. ABNF are simpler than 
general queue automata because the tape segments have a fixed order and be- 
cause internal states are not allowed (however the first stack can be used for 
storing some state information) . The effect of the simplification is that such Ian- 
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guages can be generated by grammars that in many respects are as convenient 
as the context-free ones. 

On the application side, this research sets the ground for experimenting with 
syntax-directed schedulers. Potentially interesting directions are: algorithms eva- 
luation and experimentation especially for new policies; generation of test suites 
and workloads as strings of scheduling languages; computation of performance 
indicators such as average waiting time; customization of operating system sche- 
dulers. On the theoretical side we hope the formal relationships between schedu- 
ling languages can improve our understanding of scheduling theory, and allow to 
prove properties. It is hoped that, as the classical formal language theory lead, 
after some years, to algorithms for solving practical problems such as compila- 
tion, useful results will be attained using the presented model. 
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Figure 1 : Recognizers of a S 
and a Q-grammar. 




After 

applying 

production 

A^«Ws(5)o 










Figure 3: Recognizers of a 
SQ-grammar 

(i.e. a Stack-Queue automaton). 




Figure 4 - Derivation tree of a FCFS 
schedule for a SQ-grammar. 



a 





First Come First Served (FCFS) 

0, b, a, c, i2g bf Cj 



Mutual Exiusion (MUTEX) 

a p b a" b" p" 



Round Robin (RR) 

a b a' b' a" b" 



Cascaded Serv. of Deer. Priorities 




Static Priorities (PRb) 

Figure 5:Exampies of scheduling traces for various disciplines. 



fxuK;t.±cm Head: procedur^ame 
<he ad>- : ” <name of procedure 
ar. oHe Head of tHe 
queue^; 

^remove Head from queue^ 
eiul Head 



psTocediore As 

if Token ° as tHen 
''get next Token^; 
call S 
else Error 
end if 



procedure enqueue (X: procedureNanie ) 
''insert X into queue^ 
end 

function isQempty: Hooiean 

^return true if queue is eapty^ 
end 

procedure S 

if Token “ as then 
^get next Token^; 
enqueue (As) ; 
enqueue(Aa) ; 
c^l S 

elfie if Token ^ (a., i> then 
''get next Token^ 
else Error 
end if 
end 



pr-ocedure A. 

if Token ~ aa then 
^get next Token^; 
call S 
else Error 
eial if 
end 

program ScHeduler 

Queue: sequence of procedureHame; 
Token: '•input event^ 
be^.n 

''get next Token^; 
call s 

while not isQeapty do 

call Head — i.e. tHe procedure 
named on tHe Head 
o £ tHe queue 




Figure 6: Exampie of parser as a scheduler. 
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Abstract. An iterative array is a line of interconnected interacting fi- 
nite automata. One distinguished automaton, the communication cell, is 
connected to the outside world and fetches the input serially symbol by 
symbol. We are investigating iterative arrays with an alternating com- 
munication cell. All the other automata are deterministic. The number 
of alternating state transitions is regarded as a limited resource which 
depends on the length of the input. 

We center our attention to real-time computations and compare alterna- 
ting lAs with nondeterministic lAs. By proving that the language families 
of the latter are not closed under complement for sublogarithmic limits it 
is shown that alternation is strictly more powerful than nondeterminism. 
Moreover, for these limits there exist infinite hierarchies of properly in- 
cluded alternating language families. It is shown that these families are 
closed under boolean operations. 



1 Introduction 

Devices of interconnected parallel acting automata have extensively been investi- 
gated from a language theoretic point of view. The specification of such a system 
includes the type and specification of the single automata, the interconnection 
scheme (which sometimes implies a dimension to the system), a local and/or 
global transition function and the input and output modes. One-dimensional 
devices with nearest neighbor connections whose cells are deterministic finite 
automata are commonly called iterative arrays (lA) if the input mode is sequen- 
tial to a distinguished communication cell. 

Especially for practical reasons and for the design of systolic algorithms a 
sequential input mode is more natural than the parallel input mode of so-called 
cellular automata. Various other types of acceptors have been investigated under 
this aspect (e.g., the iterative tree acceptors in [7]). 

In connection with formal language recognition lAs have been introduced in 
[6] where it was shown that the language families accepted by real-time lAs form 
a Boolean algebra not closed under concatenation and reversal. Moreover, there 
exists a context-free language that cannot be accepted by any d-dimensional 
lA in real-time. On the other hand, in [5] it is shown that for every context- 
free grammar a 2-dimensional linear-time lA parser exists. Compared with e.g., 
Turing machines there are essential differences in the recognition power. For 
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example, the language of palindromes needs a lower bound of n? time steps for 
Turing machines but is acceptable in real-time by lAs. 

In [8] a real-time acceptor for prime numbers has been constructed. Pattern 
manipulation is the main aspect in [1] . A characterization of various types of lAs 
by restricted Turing machines and several results, especially speed-up theorems, 
are given in [9, 10, 11]. 

Various generalizations of lAs have been considered. In [12] lAs are studied in 
which all the finite automata are additionally connected to the communication 
cell. Several more results concerning formal languages can be found e.g., in [13, 
14, 15]. 

Sometimes completely nondeterministic arrays have been studied. In [4] ar- 
rays with restricted nondeterminism have been introduced. There it has been 
shown that the number of nondeterministic transitions can be reduced by a 
constant factor and that there exists an infinite hierarchy of properly included 
language families for necessarily sublogarithmic limits. Some closure properties 
for such families are given. 

Here we continue the work initiated in [4] by making a further generalization 
step. We introduce arrays with restricted alternation. Our interest focuses on 
the question how much alternation is required, if at all, to enhance the power 
of a particular (nondeterministic) class. Thereby we are trying to identify the 
power and limitations of commonly known iterative arrays. In order to define 
alternations as limited resource we restrict the ability to perform alternating 
transitions to the communication cell, all the other automata are deterministic 
ones. Moreover, we limit the number of allowed alternating transitions which 
additionally have to appear at the beginning of the computation. Our attention 
is centered on real-time computations. 

The basic notions and the model in question are defined in the next section. 
Section 3 is devoted to technical results mainly. By generalizing a method in 
[6] an equivalence relation is used to define a necessary condition for real-time 
languages. Another result states that for a given alternating iterative array one 
can always find another one that accepts the same language and that uses exis- 
tential and universal states by turns at every time step. In Section 4 the closure 
under Boolean operations is investigated. Comparing alternating iterative arrays 
to nondeterministic ones for sublogarithmic limits in Section 5 it is shown that 
the former are strictly more powerful. The properness of the inclusion is proved 
at the hand of different closure properties. In particular the nondeterministic 
families are not closed under complement, a question left open in [4]. Finally 
we obtain infinite hierarchies of properly included language families varying the 
amount of allowed alternation. 

2 Model and Notions 

We denote the positive rational numbers by Q+, the integers by Z, the positive 
integers {1, 2, . . .} by N, the set N U {0} by Ng and the powerset of a set S by 
2‘®. The empty word is denoted by e and the reversal of a word w by w^. 
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An iterative array with alternating communication cell is an infinite linear 
array of finite automata, sometimes called cells, each of them is connected to 
its both nearest neighbors to the left and to the right. For our convenience 
we identify the cells by integers. Initially they are in the so-called quiescent 
state. The input is supplied sequentially to the distinguished communication 
cell at the origin. For this reason we have two local transition functions. The 
state transition of all cells but the communication cell depends on the actual 
state of the cell itself and the actual states of its both neighbors. The state 
transition of the communication cell additionally depends on the actual input 
symbol (or if the whole input has been consumed on a special end-of-input 
symbol). The finite automata work synchronously at discrete time steps. Their 
states are partitioned into existential and universal ones. What makes a, so 
far, nondeterministic computation to an alternating computation is the mode of 
acceptance, which will be defined with respect to the partitioning. More formally: 

Definition 1. An iterative array with alternating communication cell (A-IAj 
is a system (S', 6, 6nd, sq, #, A, F), where 

1. S is the finite, nonempty set of states whieh is partitioned into existential 
Se and universal S„ states: S = Sg U S„, 

2. A is the finite, nonempty set of input symbols, 

3. F C S is the set of accepting states, 

4- So & S is the quiescent state, 

5. A is the end-of-input symbol, 

6. 6 : ^ S is the deterministic local transition function for non-communi- 

cation cells satisfying 6 (sq, sq, sq) = sq, 

7. ^„d:S3x (AU{#})^2^ is the local transition function for the communi- 
cation cell satisfying Vsi, S 2 , S 3 G S, a G A U {#} : ^nd(si, S 2 , S 3 , a) 7 ^ 0- 

Let A4 be an A-IA. A configuration of Ai at some time t > 0 is a description of 
its global state, which is actually a pair (w,Ct), where w G A* is the remaining 
input sequence and c* : Z ^ S is a mapping that gives the actual states of the 
single cells. The configuration (w,Co) at time 0 is defined by the input word w 
and the mapping co{i) '■= Sq, i G 1, while subsequent conhgurations are chosen 
according to the global transition And- Let {w, c) be a configuration then the 
possible successor configurations {w',c') are as follows: 

{w' ,c') G And{{w,c)) c'(z) = ^(c(z - l),c(i),c(z -k l)),i G Z \ {0}, 

c'(0) G 5„d(c(-l),c(0),c(l),a) 

where a = # and w' = e if w = e, and a — wi and w' = W 2 • • -Wn if tc = 
W\ - ■ -Wn- Thus, the global transformation And is induced by 6 and bnd- The 
z-fold composition of And is defined as follows: 

:= {(w^,c)}, Z\(+^((w,c)) := |J And{{w' ,c')) 



The evolution of Ai is represented by its computation tree. 
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The computation tree of M under input w € A+ is a tree whose 

nodes are labeled by configurations. The root of Tm,w is labeled by {w, Cq). The 
children of a node labeled by a configuration (rc,c) are the nodes labeled by 
the possible successor configurations of {w,c). Thus, the node {w,c) has exactly 
\And{{w,c)) \ children. 

A configuration (w,c) is accepting iff c(0) G F, it is universal iff c(0) G Su 
and it is said to be existential iff c(0) G Se- 

In order to define accepting computations on input words we need the notion 
of accepting subtrees. 

Definition 2. Let M. = (S', 5, so, #■, A, T) he an A-IA and Tm,™ be its com- 
putation tree for an input word w G A”, n G N. A finite subtree T' oJTm,w is 
said to be an accepting subtree iff it fulfills the following conditions: 

1. The root ofT' is the root ofTM,w 

2. If a non-leaf node of T' is labeled by an universal configuration then all its 
successors belong to T' . 

3. If a non-leaf node ofT' is labeled by an existential configuration then exactly 
one of its successors belongs to T' . 

4- The leafs ofT' are labeled by accepting configurations. 

From the computational point of view an accepting subtree is built by con- 
sidering one possible successor (a guessed successor) if the communication cell 
is in an existential state and by considering all snccessors if the communication 
cell is in an universal state. 

Now we are prepared to define the language accepted by an A-IA. 
Definition 3. Let M = {S, 6 , 6 nd, sq, #, A, F) be an A-IA. 

1. A word w G A+ is accepted by M. iff there exists an accepting subtree of 

■ 

2. L{M) = {re G A+ | w is accepted by M} is the language accepted by M.. 

3. Let t : N ^ N, fin) > n, be a mapping. Iff for all w G L{M) there exists an 
accepting subtree of Tm,w the height of which is less than t(|rc|), then L is 
said to be of time complexity t. 

An A-IA At has a nondeterministic communication cell if the state set con- 
sists of existential states only. An accepting subtree is now a list of configurations 
which corresponds to a possible compntation path of At. Iterative arrays with 
nondeterministic communication cell are denoted by G-IA. 

A G-IA is deterministic if ^nd(si, S 2 , S 3 , a) is a singleton for all states Si, S 2 , 
S 3 G S and all inpnt symbols a G Au{#}. In these cases the course of computation 
is unique for a given input word w and, thus, the whole computation tree is a 
list of configurations. Deterministic iterative arrays are denoted by lA. 

If the state set is a Gartesian product of some smaller sets S = Sq x Si x 
■ ■ ■ X Sr, we will use the notion register for the single parts of a state. The 
concatenation of a specific register of all cells forms a track. 
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The family of all languages which can be accepted by an A-IA with time 
complexity t is denoted by Jft(A-IA). In the sequel we will use a corresponding 
notion for other types of acceptors. If t{n) equals n + 1 acceptance is said to be 
in real-time and we write Jfrt(A-IA). The linear-time languages Jfjt(A-IA) are 
defined according to Jfjt(A-IA) := Ufc6Q+,fe>i -S^fe n(A-IA). 

There is a natural way to restrict the alternation of the arrays. One can limit 
the number of allowed alternating state transitions of the communication cell. 
Note, here we do not limit the number of alternations (i.e., transitions from an 
universal to an existential state or vice versa) but the number of time steps 
at which alternating transitions may occur. For this reason a deterministic local 
transition function 6d ■ (Au{#}) ^ S for the communication cell is provided 

and the global transition induced by 6 and 6d is denoted by Ad- Let / : N ^ Nq 
be a mapping that gives the number of allowed alternating transitions dependent 
on the length of the input. 

The resulting system (5, 6, 6nd, Sd, Sq, #, A, F) is a /A-IA (/ alternating lA) if 
starting with the initial configuration (w,cq) the possible configurations at some 
time t are given by the global transition as follows: 

{(w,co)} if t = 0, A*^^((w,co)) if t < f{\w\) and 

[J ((tc', c')) otherwise 

{w' 

Observe that all alternating transitions have to be applied before the determi- 
nistic ones. Up to now we have / not required to be computable at all. Of course 
for almost all applications we will have to do so but some of our general results 
can be developed without such a requirement. 

3 Equivalence Classes and Normalization 

Definition 4. Let L C A* be a language over an alphabet A and I G N &e a 
constant. Two words w and vJ are ^-equivalent with respect to L iff wwi G 
L w'wi G L for all wi G AK The number of ^-equivalence classes of words 
of length n with respect to L are denoted by N{n, I, L) (i.e. Irctql =n). 

The following lemma gives a necessary condition for a language to be real- 
time acceptable by an /A-IA. 

Lemma 5. Let / : N ^ Nq, /(n) < n, be a mapping. If L G TFrt{fA-lK) then 
there exist constants p, q G N such that N{n, I, L) < . 

Proof. Let M = {S, 6, 6nd, 6d, sq, #, A, F) be a real-time /A-IA which accepts L. 
We define q := max { S 2 , S 3 , a)| |si,S 2 ,S 3 G S', a G A}. 

In order to determine an upper bound to the number of ^-equivalence classes 
at first we consider the possible configurations of A4 after reading all but I input 
symbols. The remaining computation depends on the last I input symbols and 
the states of the cells — Z — 1, . . . , 0, . . . , i -I- 1. For the 21 + 3 states there are 
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|^|2i+3 different possibilities. Let pi := then due to • \S\^ = 

(|S'|^)* • IS'P < (|S'P)* • (l-Sp)* = (|S'P • \S\^y = p[ we have at most p{ different 
possibilities. 

Now we consider the computation trees of A4 . Since the number of alternating 
steps is bounded by /(n) in each computation tree there are at most internal 
nodes that are labeled by existential or universal configurations (all the others 
are part of the deterministic computation) we have to distinguish 2'^ different 
labelings. Each computation tree of finite height has at most leafs. Each 
leaf at level n—l can be labeled with one of the p\ different configurations. Since 
the number of equivalence classes is not affected by the last I input symbols 
altogether one can distinguish different computation trees of 

height n—l. Correspondingly, there are at most • 2^^'"' classes. For a 

suitable p G N this is less than ' . □ 

If At is a /G-IA for the number of equivalence classes we need not to take 
the labelings into account. Thus, we obtain less than p^^ classes. 

Now we are going to extend the previous lemma. The question is how the 
number of ^equivalence classes is affected if we concatenate each word of L by 
another arbitrary I symbols from A. 

Lemma 6. Let / : N ^ Nq, /(n) < n, be an increasing mapping that satisfies 
/(2n) < 2/(n). If the number of I- equivalence classes with respect to a language 
L C A* is not bounded according to Lemma 5 then L»A ^ Jfrt(/G-IA). 

Proof. At first we prove N{n + t + 1, 2 G + 1, L»A) = N{n, I, L). 

From wwi G L for an arbitrary wi G A it follows wwi»w[ G LuA for all 
w[ G A and w'wi G L. From w'wi G T it follows w'wi»w[ G L»A for all w[ G Ab 

Conversely, let w and w' be {21 + l)-equivalent with respect to L»A. From 
wwi»w[ G L»A for an arbitrary w & A and all w'l G A it follows wwi G L and 
w'wi»w'i G L»AK From the latter we obtain w'wi G L. 

Secondly, there exist n and I such that we have N{n, I, L) > for every 

p, g G N , since the number of ^equivalence classes with respect to L is not 
bounded according to Lemma 5 (i.e., L ^ Jfrt(/G-IA)). 

On the other hand, a real-time /G-IA can distinguish at most ' 

equivalence classes with respect to L»A . Since Z < n it follows < 

p(2-'+i)'?'^‘"’ < < N{n, I, L) = N{n + l + l,2-l + l, L»A). 

Thus, LuA’’ ^ Jfrt(/G-IA) by Lemma 5. □ 

In order to reduce the technical effort for proofs it is often useful to be 
able to start with devices that meet a certain normal-form. For our purposes 
it is convenient to consider iterative arrays which are alternation normalized as 
follows: So G Se and V Si, S2, S3 e S,a e Au{#} : 6nd{si,S2, S3, a) C Se if S2 G S'„ 
and 6 nd{si,S 2 ,S 3 ,a) C Su if S2 G Se- 

Thus the communication cell changes continually from an existential state 
into an universal state and vice versa. 
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Lemma 7. Let / : N ^ Nq, /(n) < n, and 7 : N ^ N, t{n) > n, be two 
mappings. If L G Jft(/A-IA) then exists an alternation normalized /A-IA which 
accepts L with time complexity t. 

Proof. The proof can be found in [3] . 

4 Closure under Boolean Operations 

Lemma 8. Let / : N — > Nq, /(n) < n, and f : N — > N, f(n) > n, be two 
mappings. Jft(/A-IA) is closed under union and intersection. 

Proof. Let A4i and At 2 be two t-time /A-IAs. By Lemma 7 we may assume 
that A4i and Al 2 are alternation normalized. Due to the normalized behavior 
we can construct a t-time /A-IA A4' that simulates A4i and At 2 on different 
tracks in parallel. It is easy to see that the computation tree of A4' contains an 
accepting subtree if AIi 01 M 2 accept simply by considering the corresponding 
track only. The closure under union follows. 

In order to find an accepting subtree for the intersection we have to use the 
successor that contains guesses of AIi and AI 2 which lead to acceptance in exis- 
tential steps, respectively. Clearly in universal steps all successor configurations 
of M' contain all successor configurations of AIi and At 2 and vice versa. The 
closure under intersection follows. □ 

The comparison between nondeterministic and alternating lAs in the next 
section is done at the hand of closure under complement. It is easy to prove the 
closure of A-IAs but hard to disprove it for G-IAs. Here is the easy part: 

Lemma 9. Let / : N ^ Nq, /(n) <n,b^o, mapping then Jf^t(/A-IA) is closed 
under complement. 

Proof. The meaning of an existential transition is that there must exist one 
successor configuration which leads to acceptance. In order to accept the com- 
plement this can be replaced by the meaning that all successor configurations 
do not lead to acceptance. On the other hand, the meaning of an universal step 
that all successors must lead to acceptance can be replaced by the meaning that 
one successor does not lead to acceptance. The negation in the new meaning is 
simply realized as follows: if the communication cell has consumed the whole 
input it now accepts if it would have rejected before and vice versa. Thus, final 
and non-final configurations are exchanged. □ 

5 Alternating Hierarchy 

5.1 Comparison with Nondeterministic Iterative Arrays 

In the following we incorporate some results of a previous work [4] concerning 
lAs with nondeterministic communication cell. 




180 T. Buchholz, A. Klein, and M. Kutrib 



In order to define an important language let / : N Nq be an increasing 

mapping such that / G o(log). We define another mapping : N — ^ N by 

h{n) := It is increasing since / is. Moreover, since / G o(log) for all 

fc G Q+ it holds lim„^oo = lim„^oo 2 iog(n)-fc = 0 and therefore h G o{n’^). 
Especially for fc = b it follows that the mapping m{n) := max{n' G Nq | 

{h{n) + l) ■ ( n' + l) < n} is unbounded, and for large n we obtain m{n) > h{n). 

The following language depends on / only. 

Lf := • • • %Wjty<t | 3 n G N : j = h{n) A Wi G {0, 1}'"!"), I < f < j, 

A r = n — (/i(n) + 1 ) • (m(n) + 1) 

A B 1 < i' < j : Wi/ = y^} 

The words of length n of Lf consist of subwords Wi and one subword y 
which is the reversal of one of the Wi. The number of subwords is fixed for a 
given n. The lengths of the subwords is as large as possible. 

The next theorem follows immediately from a theorem shown in [4] in order 
to prove a nondeterministic hierarchy. 

Theorem 10 . Let / : N ^ Nq and g : N ^ Nq &e two increasing mappings sueh 
that f G o(log) and g G o(/) then Lf G ^rtifG-lA) and Lf ^ ^rt{gG-lA). 

Since for g G o(/) the language Lf is not a real-time 5 G-IA language but, on 
the other hand, it can be accepted in real-time by a /G-IA, and the number of 
guesses can be reduced by a constant factor [4] one obtains the following corol- 
lary. Moreover, it holds for A-IAs too, since our approximation of the numbers 
of equivalence classes are identical regardless of whether or not nondeterministic 
or alternating lAs are in question: 

Corollary 11. Let / : N ^ Nq and g : N ^ Nq 6e two inereasing mappings sueh 
that f G o(log) then Lf G L/frtigG-lA) g G f?(/) and Lf G L/frtigA-lA) 

The next theorem is the main result of the present section. It states that under 
some preconditions the real-time alternating lAs are strictly more powerful than 
the real-time nondeterministic lAs. For the proof we need a closure property 
concerning marked iteration. 

Definition 12. Let L be a language over an alphabet A and • ^ A he a distin- 
guished marking symbol. The language (T*)’’" is the marked iteration of L. 

Here we have to require / to be in some sense computable. This can be done 
in terms of deterministic real-time lA languages. It should be mentioned that 
the family Jfrt(IA) is very rich. 

Theorem 13 . Let / : N Nq 6e an increasing, unbounded mapping such 
that f G o(log) and | 772 g Hsl} g Jf^j(IA) then Afrt(fG-lA) c 

^rtifA-lA). 
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Proof. Since a /G-IA is just a /A-IA with only existential states we have the 
inclusion .Sfrt{fG-lA) C ^^(/A-IA). 

It remains to show Jfrt(/G-IA) ^ Jfrt(/A-IA). The idea is to prove the 
inequality at the hand of different closure properties. 

By Lemma 9 the family Jfrt(/A-IA) is closed under complement. We are 
going to show that Jfrt(/G-IA) is not closed under complement. 

In order to do so suppose Jfrt(/G-IA) is not closed under marked iteration 
which will be shown by Lemma 14. 

Let L G Jfrt(/G-IA) be a language over an alphabet A. If L does not belong 
to Jifrt{fG-lA) we are done. 

Assume now Jfrt(/G-IA) is closed under complement and let A4 be a /G-IA 
that accepts L in real-time. Now we construct a real-time /G-IA Ai' that accepts 

(L>) + . 

In [2, 4] the real-time simulation of stacks by deterministic lAs has been 
shown. Thereby the communication cell contains the symbol at the top of the 
stack. We will use the ability of lAs to simulate such data structures at the 
construction. 

One deterministic regular task of A4' is to check whether the input is of the 
form Xi»X2^ ■ ■ ■ •Xk* where Xi G A+, 1 < i < fc. All words that do not fit this 
form are accepted. 

A word Xi»X 2 *- ■ ■•Xk» belongs to {L»)+ iff at least one Xi, 1 < i < k, be- 
longs to L. In order to accept such words Ai' simulates A4 on Xi directly and 
additionally during its nondeterministic steps the /(|a;i|) nondeterministic steps 
of A4 on input Xi for i > 1. Since / is increasing Ai' has at least as many nonde- 
terministic steps as Ai. The guessing is done by choosing nondeterministically 
one of the (finite) local transition functions at each time step and pushing it 
onto a stack. 

When the direct simulation of Ai on Xi succeeds the job of Ai' is done. 
Otherwise it starts the following task every time a • appears in the input. 

A signal is sent through the stack which copies the content of the stack to a 
second stack cell by cell. Additionally, Ai' simulates Ai on the next subword Xi. 
In order to simulate a nondeterministic step one mapping is popped from the 
second stack (leaving the first stack unchanged) and is applied to the local con- 
figuration. So the communication cell can simulate a nondeterministic step of Ai 
deterministically by applying a previously nondeterministically determined de- 
terministic local transition. Again, if one of the simulations succeeds Ai' accepts 
otherwise it rejects. 

Up to now we kept quiet about a crucial point. The number f{\xi\) of sim- 
ulated nondeterministic transitions may be incorrect. Therefore, the decision of 
Ai' depends on corresponding verifications additionally: In order to perform this 
task an acceptor for the language L' = | jtj g [|vj} is simulated 

in parallel whenever a • appears in the input. Thereby an input symbol a is 
assumed for each nondeterministic step (up to the guessed time f{\xi\)) and an 
input symbol b for each deterministic step (up to the end of input Xi). So the 
number x resp. y of simulated nondeterministic resp. deterministic transitions 
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corresponds to a word belonging to L' iff there exists an m G N such that 
X = f{m) and y = m — f{m). Thus, iff |a;i| = x + y = f{m) + m— f{m) = m. 

Altogether A4' accepts {Lu)+ in real-time. 

Since we have assumed that JifrtifG-lA) is closed under complement it fol- 
lows G ^rt(fG-lA). But we have supposed Jifrt{fG-lA) is not closed 

under marked iteration. From the contradiction it follows that Jf?-t(/G-IA) is 
not closed under complement if Jf?.t(/G-IA) is really not closed under marked 
iteration. This will be proved in the next theorem. □ 

The next lemma has already been used to prove a previous one. 

Lemma 14. Let / : N ^ Nq 6e an increasing, unbounded mapping such that 
f G o(log) and | ^ G N} G Jfrt(IA) then Jfrt(/G-IA) is not 

closed under marked iteration. 

Proof. By Theorem 10 T/ belongs to Jfrt(/G-IA). Now we are going to show 
that the marked iteration of Lf does not belong to Jfrt(/G-IA) from 

which the lemma follows. 

Assume in contrast there exists a /G-IA A4 = {S, . . .) which accepts (T/*)+ 
in real-time. We consider words a;i*a; 2 * • • • •Xk* G (T/*)+ for a A: G N. Let Xk be 
an arbitrary word in Lf and Uk be its length: Uk ’■= \xk\. Since m is an unbounded 
mapping we can find a smallest G N such that m{ni) > \xi*Xi+i* ■ ■ ■ •Xk»\ 
respectively, for 1 < i < fc — 1. Obviously, there exist words of length Ui in Lf. 
Let Xi be one of them respectively. For the lengths k of the subwords Xi» ■ ■ ■ Xk» 
we obtain Ik = Uk + 1 and for 1 < i < fc — 1: -I- 1 -b h+i. 

In what follows let kj be appropriated constants. Since h{ui) < m{ni) and 
r* < m{ni) it holds Ui = [m{ni) + l) (/i(n*) -b l) -b r* < [m{ni) -b l)^ -b mijii) < 
ks • m{niY . For h we obtain: 

h = Xi + {h{ni) -b l) (rn{ni) -b l) + 1 + h+i 

^ k^ * {j^infj * li+i -b 1^ -b 1 -b siuce Xi ^ minfj ^ A :5 • 

< fce • h{ni) ■ k+i 

< fcg • h{kr • if^i) • k+i 

<K-ihi k+i since h{n) G o(rf^’^) for all e G Q+ 

It follows l\<k'Y' <■■■ <k{ - . . . ■ k'^_^ ■ 

If we choose e G Q+ such that (1 -b < 2 then for large n we obtain that 
h<\-ll^\-{nk + l?<nl. 

Thus for processing X\u ■ ■ ■ Xk* Ai performs at most f{n\) nondeterministic 
transitions. Since / G o(log) there exists fci G N such that k\ ■ f{nk) > f{n1) 
for large n^. Therefore, for large n at most ki ■ f{nk) nondeterministic steps are 
performed by M. (note that k\ does not depend on k). 

Now we consider the equivalence classes that appear if we cut x\» - ■ ■ Xk» after 
the first symbol ct in Xi respectively. Since X 2 » • • • Xk» is at most as long as the yi 
in Xi we have A'da:!* • • • Xfc*|, 2|yi | -bl, different equivalence classes for 
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the cut in X\. By Lemma 6 this number equals iV(|a;i|, L/). By Corollary 

11 there exists a constant such that at least • f{ni) guesses are necessary 
in order to accept languages with such a number of equivalence classes. Define 
Qm ■= rnax{|5„d(si, S2, S 3 j o)| | si,S2,S3 G S, a G A}. Thus, the computation of 
M on input contains at least different paths. 

Now we consider all computation paths of A 4 . For all X\ G Lj there exists a 
class of paths that are accepting for words of the form X\* - ■ ■ Since for compu- 
tations on X\» there are at least /("d different paths we have now at least 
classes. 

If we cut Xi»---Xk» after the first symbol $ in X2, again, it results in 
iV(|a;i*a;2|, I2/2I, i/) equivalence classes for which k2 ■ /(H2) different computa- 
tions paths are necessary. These paths are all in the same class for Xi. Therefore, 
every class contains at least paths. Since at least Qm classes are 

disjoint there are at least • 9m different paths. 

Proceeding inductively we conclude that there are at least qm 
^^■f(rik) ^ different paths. To realize the paths M at least needs to 

perform k ■ k2 ■ f{nk) nondeterministic steps (here we need > 1 what follows 
since / is unbounded). For a k such that k ■ k2 > fci we get a contradiction 
because M performs at most k\ ■ f{rik) nondeterministic transitions. □ 

Corollary 15. Let / : N ^ Nq &e an increasing mapping such that f G o(log) 
then Jfrt(/G-IA) is not closed under complement. 



5.2 The Hierarchy 

In [4] the following nondeterministic hierarchies have been shown: Let / : N — > 
No, / € o(log), and 9 : N — > Nq, g G o{f), be two increasing mappings such that 
Vm, n, G N : /(m) = /(n) g{m) = g{n). li L — | m G N} 

belongs to the family Jf;t(IA) then Jfrt(9G-IA) C Jfrt(/G-IA). 

By the results of the previous subsection we obtain an alternating hierarchy, 
too. 

Theorem 16. Let / : N — > Nq, / G o(log), and 9 : N ^ Nq, 9 G o(/) be two 
increasing mappings such that Vm,n, G N : /(m) = /(n) g{m) = g{n). If 
I TO G N} G AfitilA) and | to G N} G Afrt{lA) 

then Afrt(gA-lA) c =S^rt(/A-IA). 

Proof. Due to the assumption L := | to G N} G Jf;t(IA) 

a real-time /G-IA can limit its nondeterministic transitions up to the guessed 
time step g{n) and verify its guess. For a deterministic real-time lA language this 
technique has been used in the proof of Lemma 14. It is known that deterministic 
linear-time lAs can be sped up to 2 • n time [10]. Since / G o(log) we can assume 
/ < ^ and, hence, during n time steps a (2 • n)-time lA for L can be simulated. 

By this constructibility property and for structural reasons we obtain 
^rt{gA-lA) c ^rtif A-IA). 
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Since g is of order o(/) but by Corollary 11 it has to be of order 17(/) in 
order to accept Lfva real-time we conclude Lf ^ (gA-IA) . 

On the other hand by Theorem 10 L/ belongs to Jfrt(/G-IA). We obtain 
^rt(fG-lA) % Jf,t(gA-IA). 

By Theorem 13 it holds Jfrt(/G-IA) C Jfrt(/A-IA). 

It follows I£rt{gA-\k) c =S^rt(/A-IA). □ 

On a first glance the preconditions of the hierarchy seem to be rather com- 
plicated but the following natural functions meet them. Let z > 1 be a constant 
then /(n) := log*(n) and g(n) := log*“'’^(n) (log* denotes the z-fold composition 
of log). 
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Abstract. In a secret sharing scheme, some participants can lie about 
the value of their shares when reconstructing the secret in order to obtain 
some illicit benefits. We present in this paper two methods to modify 
any linear secret sharing scheme in order to obtain schemes that are 
unconditionally secure against that kind of attack. The schemes obtained 
by the first method are robust, that is, cheaters are detected with high 
probability even if they know the value of the secret. The second method 
provides secure schemes, in which cheaters that do not know the secret 
are detected with high probability. When applied to ideal linear secret 
sharing schemes, our methods provide robust and secure schemes whose 
relation between the probability of cheating and the information rate is 
almost optimal. Besides, those methods make it possible to construct 
robust and secure schemes for any access structure. 

Keywords: Cryptography, Secret sharing schemes, Detection of chea- 
ters, Robust and secure schemes. 



1 Introduction 



In a secret sharing scheme, a secret value is distributed into shares among the 
participants in a set P in such a way that only qualified subsets of P can re- 
construct the secret from their shares. Such a scheme is said to be perfect if 
the subsets that are not qualified to reconstruct the secret have absolutely no 
information on it. All the secret sharing schemes in this paper are considered 
to be perfect. See |1 fill 811 4I| for a comprehensive introduction to secret sharing 
schemes. 

The family of qualified subsets, P C 2^, of a secret sharing scheme is called 
the access structure of the scheme. We consider only monotone access structu- 
res, that is, any subset that contains a qualified subset must be qualified. Then, 
the access structure P is determined by the family of minimal qualified sub- 
sets, Tg, which is called the basis of T. For example, the access structure of a 
{t, N)-threshold scheme consists of all the subsets with at least t of N parti- 
cipants. Threshold schemes, that were independently introduced by Blakley 0 
and Shamir P3| in 1979, were the first considered secret sharing schemes. 

* This work was partially supported by Spanish CICYT under project TIC97-0963. 
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The size of the shares given to the participants is one of the main parameters 
to be taken into account in the design of secret sharing schemes. The information 
rate p of a secret sharing scheme is the ratio between the length (in bits) of the 
secret and the maximum length of the shares given to the participants. That is, 
if /C is the set of secrets and, for any p G P, the share of the participant p is 
taken from the set Sp, then 



P = 



log 1^1 

max log \Sp 



A secret sharing scheme is said to be ideal if its information rate is equal to one, 
which is the maximum possible value of this parameter. Several authors have 
given upper and lower bounds on the information rate of secret sharing schemes 
realizing different access structures [411 71, ‘111 n| . 

There exists the possibility that some participants in a secret sharing scheme 
provide false shares during the reconstruction of the secret in order to obtain 
some illicit benefit. Therefore, the security against this kind of attack is a key 
point in the implementation of secret sharing schemes. We are concerned only 
in unconditional security against cheaters, that is, the probability of cheating 
successfully must not depend on the computational resources available to the 
participants. 

We consider in this paper the following scenario: the participants in a co- 
alition in the form A — {pt}, where A = {pi, . . . ,pt-i-,pt} £ Tq is a minimal 
qualified subset, forge their shares in order to deceive the honest participant pt- 
That is, the participants in A — {pt} try to find a set of false shares {s^, . . . , S(_i} 
such that a false value k* ^ k oi the secret is reconstructed from the shares 
{s*, . . . , St}. In this case, we say that the participant pt is cheated by the 
false shares {s}, . . . , St_i|. Two different cases are considered. In the first one, 
we suppose that the cheaters somehow know the value of the secret /c £ /C. In the 
second one, we assume that the cheaters have no information about the value of 
the secret. 

The unconditional security of a scheme against this kind of attack is measured 
by the probability of cheating, that was first formally defined in |3 for threshold 
schemes. Let us consider A £ Iq a minimal qualified subset and a participant 
p £ A. If we suppose that the participants in A — {pj know the secret, we define 
the probability that the participants in A — {pj deceiue the participant p, denoted 
by PCi(A- {p}), as 



Eb,k ip is cheated by b'\A — {pj have b, the secret is k)j 

where b denotes the shares received by the participants in A — {pj and b' denotes 
the forged shares used by the participants in A — {pj in order to deceive the 
participant p. If we suppose that the cheaters in the coalition A — {pj have no 
information about the value of the secret, the probability that the participants in 
A — {pj, that do not know the secret, deceive the participant p, PC 2 (A — {p}), is 
defined analogously 0. 
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A {r, e) — robust scheme is a secret sharing scheme with access structure F 
such that PCi(A — {p}) < e for any minimal qualified subset A G Fq and for 
any participant p G A. A (F,S) — secure scheme is a secret sharing scheme with 
access structure F such that, for any minimal qualified subset A G Fq and for 
any participant p G A, PC 2 (A — {p}) < 6. 

All ideal schemes are insecure against cheating. If A S Ag is a minimal 
qualified subset in an ideal scheme, it is not difficult to prove that, for any 
p G A, the coalition of all participants in A — {p} can forge their shares in order 
to obtain the correct secret k and deceive p with a false secret k* . 

The vector space construction j^j is a method to construct ideal secret sharing 
schemes for a family of access structures, the vector space access structures, that 
includes threshold structures as a particular case. A generalization of this method 
makes it possible to find secret sharing schemes, that are not ideal in general, 
for any access structure The schemes constructed in this way are called 
linear secret sharing schemes. Since in such a scheme the secret value is a linear 
function of the shares of the participants in any qualified subset, linear schemes 
are very vulnerable to the action of cheaters. More information about this kind 
of schemes is given in Section El 



Unconditional security is obtained in general by adding redundant informa- 
tion to the shares. Several lower bounds on the length of the shares in robust 
and secure schemes have been found I7I8I1 ll2l . One can see from these bounds 
that the information rate decreases with the probability of cheating. That leads 
to a problem that has received considerable attention: to find robust and secure 
schemes with information rate as high as possible. 



Most of the secure schemes and robust schemes that have been 

proposed until now are threshold schemes. The design of schemes with detection 
of cheaters for a different kind of access structures was first considered in im.A 
method to find secure schemes that realize any vector space access structure is 
presented in that work. In fact, although Ogata and Kurosawa [S| have considered 
only threshold structures, their secure scheme can be implemented for vector 
space access structures too. The first robust scheme that can be applied on any 
vector space access structure has been proposed in 0. 



The aim of this work is to present two methods to modify a linear secret 
sharing scheme with access structure F and set of secrets /C, a vector space over 
a finite field GF{q), in order to obtain a (A, e)-robust scheme and a (A, 5)-secure 
scheme with the same set of secrets and e = 6 = 1/|/C|. In the case of secure 
schemes, the characteristic of the field cannot be equal to 2. Since there exists 
a linear secret sharing scheme for any access structure, our methods provide 
robust and secure schemes for a general access structure. The information rate 
of the robust and secure schemes we present here is equal to, respectively, one 
third and one half of the information rate of the original linear scheme. When 
applied to vector space access structures, our methods provide robust and secure 
schemes whose information rates appear to be almost optimal when compared to 
the bounds given in 0. The robust schemes we present here improve the robust 
schemes proposed in for threshold access structures and the one given 
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in 0 for vector space access structures. Our secure schemes are based on the 
secure schemes proposed in HD for vector space access structures. 

An introduction to linear secret sharing schemes is given in Section [3 Sec- 
tion 0 deals with the construction of robust schemes. The method to construct 
secure schemes is given in Section 0 



2 Linear Secret Sharing Schemes 

All vector spaces we consider here have finite dimension. Let P = {pi ,p2, ■ ■ ■ ,Pn} 
be a set of participants and consider a special participant D = p^ ^ P called dea- 
ler. Let if be a vector space over the finite field GF{q). For every pi G PU {D}, 
let us consider Ei, a vector space over GF{q), and a surjective linear mapping 
TTi : E ^ Ei. For any i = 0, 1 , . . . , iV, let Fi = ker be the kernel of the li- 
near mapping tt^. Let us suppose that these linear mappings verify that, for any 

A CP, 

Pi C Fo or p Fi -I- Fo = E. 

PiSA Pi€A 

In this situation, we can define a secret sharing scheme in the set of participants 
P as follows: for a secret value k G Fq, a vector v G E such that 7ro(i') = k is 
taken at random and every participant pi G P receives as its share the vector 
Si = T^i{v) G Ei- It is not difficult to prove that this is a perfect secret sharing 
scheme with access structure 

P= I Ac P : Pf, cFo 

I PiGA 



The information rate of this scheme is p = dimFo/(maxi<i<ivdimFi). Secret 
sharing schemes constructed in this way are called linear secret sharing schemes. 

Linear secret sharing schemes were first introduced by Brickell 0, who con- 
sidered only ideal linear schemes with dim Ei = 1 for any pi G PU {D}. In that 
case, we can consider that the surjective linear mappings tt ^ are non-zero elements 
of the dual space E*. In such an ideal linear scheme, a subset A C P is qualified 
if and only if the vector ttq G E* can be expressed as a linear combination of the 
vectors \pi G A}. The access structures that can be defined in this way are 
called vector space access structures. Threshold structures are a particular case 
of vector space access structures. Effectively, if F is a (f, iV)-threshold structure, 
we can take q > N a, prime power and Xi G GF(q), for any pi G P, non zero and 
pairwise distinct elements and consider E = GE{qY, ttq = (1, 0, . . . , 0) G E* and 
7Tj = (1, Xi, xf,..., x\~^) G E* for any i = 1,. . . ,N. The ideal linear scheme we 
obtain in this way is in fact equivalent to the Shamir’s threshold scheme m- 

Simmons, Jackson and Martin HD proved that any access structure F can 
be realized with a linear secret sharing scheme that, in general, is not ideal. 
Besides, an algorithm that provides a linear secret sharing scheme for any access 
structure is given in HD. The main handicap of the schemes constructed in such 



Secret Sharing Schemes with Detection of Cheaters 



189 



a way is that its information rate is very small. Nevertheless, for many access 
structures, it is possible to find a linear scheme with much better information 
rate by using decomposition techniques such as the Stinson’s X- decomposition 
construction nn, which is one of the most powerful tools to construct secret 
sharing schemes with good information rate. It can be seen that a linear secret 
sharing scheme is obtained when linear secret sharing schemes are combined in 
a A-decomposition construction. 

Finally, we remark that vector space secret sharing schemes are very vul- 
nerable to the action of cheaters. Effectively, for any minimal qualified subset 
A = {pi ^ , . . . , pij } G Fq, the secret can be computed from the shares of the par- 
ticipants in A by using a linear map xa ■ Eii x • • • x Ei^ -A Eq . We observe that 
the map XA is publicly known, that is, it can be determined from the mappings 
7Ti. It is not difficult to see that, for any e G Eq, the participant pq can compute 
a false share s*^ such that , 0, . . . , 0) = e. Then, if e 0, a wrong 

secret k* = k + e = XA{Sp^ , Sp^, . . . , Sp^) is recovered. In this way, the participant 
Pi can deceive the remaining participants and, besides, he or she can obtain the 
correct value of the secret, k = k* — e. 

3 Robust Schemes 

We present in this section a method to modify any linear secret sharing scheme 
with access structure F and set of secrets Eg in order to obtain a (F, e)-robust 
scheme with the same set of secrets and e = l/|ifo|. 

Let H be a linear secret sharing scheme with access structure F on the set 
of participants P — {pi , . . . ,pn}- Let : if — >■ Ei, where i = 0,1, ... ,N and 
E and Ei are vector spaces over a finite field GE{q), be the surjective linear 
mappings that define E. If n = dimifo, then Eg and the finite field GF(q^) are 
isomorphic as GF(q)-vector spaces. Therefore, we can suppose that the set of 
secrets of E is the finite field GE(q^). In this way, we can consider the product 
xy of two elements x,y G Eg. 

We define next the scheme E\ that will be proved to be a {F, l/g")-robust 
scheme. Given a secret value k G Eg = GF{q'^), the dealer takes at random a 
vector r G Eg and three vectors Vi,V 2 ,vg G E such that 7 To(ui) = k, ttq{v 2 ) = r 
and TTgi^vg) = kr, where the product is computed in the field GE{q^). For any 
i = 1, . . . , N , the share of the participant pi is equal to Sj = (sa, s^, s^a), where 
Sij = TTi(vj). That is, in the scheme E±, three secret values, namely, the secret k, 
a random element r and the product kr, are distributed into shares by using the 
linear secret sharing scheme E. When the participants in a qualified subset try 
to reconstruct the secret value, they obtain {xi,X 2 ,Xg) G Eq from their shares. If 
xg = X 1 X 2 , they take k = xi as the correct value of the secret. They are warned 
about the existence of cheaters if Xg fy X 1 X 2 . 

Proposition 1 The scheme E\ is a {F,e) -robust scheme with set of secrets Eg 
and information rate p/3, where e = l/|ifo| and p is the information rate of 
scheme E. 
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Proof. First of all, we have to prove that Hi is a secret sharing scheme with 
access structure P. It is obvious that the participants in any qualified subset 
can reconstruct the secret from their shares. On the other hand, the shares of 
the participants in a non-qualified subset do not provide any information on 
the value of the secret. In effect, let B ^ H be a non-qualified subset. We can 
suppose that B = {pi, . . . ,p^}. If the participants in B want to obtain some 
information about the value of the secret, they have to find it out from the 
system of equations 

511 = 7Tj(ui) 

512 = 7Tj(u2) 

513 = 7Tj(u3) 

= 7To(ui)7ro(u2) 

where i = 1 , . . . , £ and the unknowns are the vectors vi,V2,vs € E. Since 



where Fi = kerTr^, it is not difficult to see that, from this system of equations, the 
secret k = TTi(vi) can take any value in Eq = GF{q'^) with the same probability. 

We prove next that the probability of cheating PC\{A — {p}) is equal to 
e = l/f?" for any minimal qualified subset A G Pq and for any participant p G A. 
Let A = {pi, . . . ,pt-i,pt} be a minimal qualified subset and let us suppose 
that the participants in A — {pt} somehow know the value of the secret k G K 
and try to deceive the honest participant pt- The cheaters know that the shares 
correspond to a vector (xi, X2, X3) G Eq such that x\ = k and X3 = a;ia;2, 
but they do not know the values of X2,xq G Eq. For any (ei,e2,e3) G Eq, the 
participants in A — {pt} can compute forged shares s*, . . . , s*_;^ such that, in the 
reconstruction process, the vector {x\,X2,x\) is computed, where x* = Xi + Ci. 
Of course, if they want to deceive the participant pt, they have to take ei 0. 
The cheaters are not detected if and only if Xq = xfx^, that is, if and only if 



Then, for every choice of (ei,e2,e3), with ei 0, there exist a unique X2 G 
Eq that satisfy equation ©• Therefore, for any forged shares b' used by the 
participants in ^ — {pt} in order to deceive the participant pt, 



Ogata and Kurosawa |E| found a lower bound on the size of the set Sp of 
possible shares of any participant p G P in a (P, e)-robust scheme, where P is a 
threshold structure. 



f| P, + Po = P 



Pi^B 



eiX 2 + £2X1 + ei €2 — €3 = 0 



( 1 ) 



Pr {pt is cheated by b'\A — {pt} have b, the secret is k) = 
Then, PCi(A-{pt}) = l/g". 



□ 




|5p| >Mi(|/C|,e) 



(2) 
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where /C is the set of possible values of the secret. It is not difficult to prove that 
this bound is valid for any access structure F. 

If E is an ideal linear scheme with access structure F and set of secrets 
GF{q), then Si is a {F, l/q)-robust scheme such that |/C| = q and [iSpI = q^ for 
any p G P. Observe that the cardinality of the set of shares is very close to the 
lower bound 0, that in this case is Mi{q, 1/q) = q^ — q"^ + 1. 

A {F, e)-robust scheme was proposed in for any vector space access struc- 
ture. Actually, this robust scheme can be used to modify any linear secret sharing 
scheme with access structure F, set of secrets GF{q)^, where q is a power of a 
prime different from 2, and information rate p, into a (A, 2/q”)-robust scheme 
with the same set of secrets and information rate p/3. Observe that the robust 
scheme Si has the same information rate and a lower probability of cheating. 
Besides, the set of secrets of Si can be a field with characteristic 2. 

Finally, it is proved in Pj that the robust scheme proposed in that paper 
presents a much better relation between the information rate and the probability 
of cheating than the robust threshold schemes presented in m and mi- Then, 
our robust scheme improves those schemes too. 

The robust scheme Si can be generalized in order to obtain (T, e)-robust 
schemes whose probability of cheating is less than 1/|/C|. Given a secret k G 
Eq = GF{q^) each entry of the vector (fc, ri, . . . , r^, kri , . . . , kri) G where 

ri,...,r£ are random elements of Eq, is distributed by using a linear secret 
sharing scheme. When the participants in a minimal qualified subset try to 
recover the secret from their shares, a vector (a:i, . . . , X 2 i+i) is computed. They 
take k = xi as the correct value of the secret if Xi-i-i = xiXi for i = 2, . . . , £ 1, 

else, they are warned about the existence of cheaters. It is not difficult to check 
that a {F, e)-robust scheme with e = 1/q^ is obtained in this way. When applied 
to ideal linear secret sharing schemes with Eq = GE{q), we observe that the size 
of the shares in this robust scheme, |iSp| = is very close to the lower bound 

Mi{q, l/q^) = -|- 1. Of course, for a given e > 0 and a linear secret 

sharing scheme S for F with information rate p, we can take I = \— log e/ log q] 
in order to construct a (T, e)-robust scheme with information rate 1). 



4 Secure Schemes 

In this section we will show how any linear secret sharing scheme with access 
structure F and set of secrets Ag, a vector space over a finite field GF{q) with 
characteristic different from 2, can be modified in order to obtain a (T, 5)-secure 
scheme with the same set of secrets and 6 = l/|Ao|. This construction is based 
on the secure scheme introduced in HH for vector space access structures. 

Let us consider E and Ei, where 0 < i < N, vector spaces over a finite field 
GF(q), where q is odd, and surjective linear maps iTi : E ^ Ei that define a 
linear secret sharing scheme S with access structure F and set of secrets Eq on 
the set of participants P = {pi, . . . ,Pn}- As before, we can suppose that Eq is 
equal to the finite field GF(q^), where n = dimAg. 
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We define next a {F, l/(jf")-secure scheme F 2 from the linear secret sharing 
scheme S. For a given secret k G Eq, the dealer takes at random two vectors 
vi,V2 G E such that 7To(ni) = k and 7ro(f2) = k^- Every participant pi G P 
receives the share = (s^i, sa) G EiX Ei, where Sij = TTiivj). That is, the linear 
secret sharing scheme E is used to distribute two secret values, namely k and 
its square In the recovering process, the participants in a minimal qualified 
subset A G Eg, compute (xi,X 2 ) G Eg x Eg from their shares. If X 2 = x\, the 
participants in A take k = x\ as the correct value of the secret and they are 
warned about the existence of cheaters if X 2 ^ x\. 

Proposition 2 The scheme E2 is a {F, S) -secure scheme with set of secrets Eg 
and information rate p/2, where S = l/|Eo| and p is the information rate of 
scheme E. 

Proof. First we will prove that E2 is a perfect secret sharing scheme with access 
structure F. Obviously, the participants in any qualified subset can reconstruct 
the secret using their shares. We should prove now that the shares of the partici- 
pants in a non qualified subset do not reveal any information about the value of 
the secret. Let B C P he a, non qualified subset. Suppose that B = {pi, . . . ,Ps}- 
The information that participants of B have about the value of the secret is 
reflected on the equation system 

{ 7Ti(wi) = Sil f=l,...,S 

TTi{v2) = Si2 i=l,...,S 

(7To(ui))^ = 7 To(u2) 

where the unknowns are vectors vi,V2 G E. Since B ^ F, we have that Fi-\- 

Fg = E, where Fi = kerTr^. Then, it is easy to see that this equation system does 
not reveal any information about the value of the secret, that is, all the secret 
values k = 7ro(ui) are equiprobable. 

Finally, we have to prove that the probability of cheating PC 2 ( 2 l — {p}) is 
at most l/g". Let A = {pi,...,pt} G Iq be a minimal qualified subset and 
let us suppose that participants in ^ — {pt}, that do not have any information 
on the value of the secret, try to deceive the participant pt about the value of 
the secret. For any (ei, £ 2 ) G Eq, the cheaters can compute a set of false shares 
b' = {(sn,Si 2 ),- •■,(4-11. St- 12 )} such that XA(sn,...,Si_ii,Sti) = k-hci and 
Xa(si2) • ■ ■ . St- 1 2 ) St 2 ) = k“^ C2- The participant pt is deceived by b' if and only 

if the cheaters have chosen (ei, £ 2 ) G Eq such that £1 4 0 und (fc-|-£i)^ = k‘^-\-C 2 , 
that is, such that 2kei ef = £ 2 . Observe that, for every (£i,£ 2 ) G Eq with 
£1 4 0, there is exactly one value oi k G Eq such that 2 ke\ -h ef = £2- Therefore, 

Pr (pt is cheated by b'\A — {pA have 6) = — 

qTL 

Then, PC 2 (A - {p*}) = 1/g”. □ 

If E is an ideal secret sharing scheme with vector space access structure F 
and set of secrets GF{q), where q is odd, E2 is the {F, l/g)-secure scheme that 
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was proposed in El for this kind of access structures. The set of secrets of S2 is 
GF{q) and |5p| = for any p € P. We can compare that with the lower bound 
given in n for the size of the set of shares in a {P, <5)-secure scheme, 

|5p|>M2(|/C|,<5) = ^^^ + l (3) 

In our case, M 2 {q, 1/q) = q"^ — q + 1. 

Ogata and Kurosawa |E] propose a threshold {P, l/( 7 )-secure scheme achieving 
this bound, that is, with optimal information rate. In fact, this scheme can be 
defined for vector space access structures too. Then, for this kind of structures, 
the Ogata and Kurosawa’s scheme has slightly better information rate than the 
secure scheme S 2 but, on the other hand, it is computationally less efficient. 
See im for a complete comparison between these two schemes. 

Finally, in the case of general access structures, the Ogata and Kurosawa’s 
secure scheme can be extended only to linear secret sharing schemes with Eq = 
Zq, where q = qf + qi + 1 is a, prime number and qi is a prime power. That 
is, it can be applied only to linear schemes with dim(£’o) = 1. In many access 
structures, linear schemes with dim(£'o) > 1 have better information rate than 
those with dim(i?o) = 1. In this case, our method will provide a secure scheme 
with better information rate. 
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Abstract. Some elementary notions in the constructive theory of uni- 
form and locally convex spaces are introduced, and a number of basic 
results established. In particular, it is shown that if the unit ball of a 
locally convex space X is totally bounded, then so is the intersection of 
that ball with the kernel of any nonzero continuous linear functional on 
X. 

1 Uniform Spaces 

Although Errett Bishop considered that “in most cases of interest it seems to 
be unnecessary to make use of any deep facts from the general theory of locally 
convex spaces” , recent developments in constructive analysis (in particular, ope- 
rator algebra theory) increasingly depend on such a theory. In turn, that theory 
draws on the general theory of uniform spaces, the beginnings of which were 
outlined in Problems 17-21 on pages 110-111 of [2|. (Some basic definitions in 
the theory of locally convex spaces also appear in Chapter 8 of jOI.) 

By constructive mathematics we mean mathematics carried out with 
intuitionistic logic, without any restriction on the type of objects considered (see 
m)- By using this logic, we obtain results that not only hold classically but also 
can be reinterpreted in any reasonable model for computable analysis, such as 
recursive mathematics or Weihrauch’s TTE (fSIi see also ^3). Moreover, 
intuitionistic logic facilitates the recognition of certain distinctions of meaning 
that are obscured by classical logic. For background material on constructive 
mathematics, see P> 0> 01 01 PS] 

We now introduce the basic terminology and establish some fundamental 
facts about uniform spaces; in general, we do not define notions, or prove facts, 
that carry over unchanged from the classical to the constructive setting. 

Definition 1. A uniform space is a set X together with a family of 

pseudometrics on X. The equality and inequality on X are defined, respec- 
tively, as follows: 

X = y if and only if \/i € I {pi{x,y) = 0) , 

X y if and only if S J {pi{x,y) > 0) . 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 195-^2^1 1999- 
(c) Springer- Verlag Berlin Heidelberg 1999 



196 L. Dediu and D. Bridges 



The corresponding uniform topology on X is the topology in which, for each 
xq € X, the sets 



hoods of xq] the pseudometrics pi are called the defining pseudometrics for 
this topology. 

Metric and normed spaces are viewed as uniform spaces in the obvious way. 
For our purposes, a more important type of uniform space is a locally convex 
space, which consists of a linear space X over F ( IR or (D), together with a family 
{Pi)i^i of seminorms for which the corresponding family T of pseudometrics 
[x,y') I— >• pfpx — y) defines the topology (and, incidentally, the inequality) on 
X. In this case we refer to the seminorms pi as defining seminorms for the 
locally convex topology — that is, the uniform topology defined by and we 
call the set 

= {a; G X : Vz G / {pi{x) < 1)} 

the unit ball of the locally convex space X. 

In the rest of this section, unless we specify otherwise, (X, and 

^Y, are uniform spaces. 

Definition 2. A mapping f : X ^ Y is uniformly continuous on X if for 
each e > 0 and each finitely enumerable subset G of J there exist J > 0 and a 
finitely enumerable subset F of I, such that if x,y € X and pi{x,y) < 5 for all 
i G F, then aj{f{x), f{y)) < s for all j G G. 

Each defining pseudometric pi is uniformly continuous. 

Definition 3. A subset S of X is bfseries totally bounded with respect to the 
subset F of I if for each e > 0 there exists a finitely enumerable subset of S 
such that for each x G S there exists s G Sg with 

is called a finitely enumerable e-approximation to S relative to F. If S is 
totally bounded with respect to each finitely enumerable subset of I, then we say 
that S is totally bounded. 

We omit the proofs of the next proposition and its corollary, since they are 
very similar to those of the corresponding results on page 94 of P| ■ 

Proposition 1. If X is totally bounded and f : X ^ Y is uniformly continuous, 
then f{X) is totally bounded. 



V{xo,F,e) = IxG X ■. ^pi{x,xfi) < e 
I leF 

with e > 0 and F a finitely enumerable subset of I, form a basis of neighbour- 




^ A set A is said to be finitely enumerable (respectively, finite) if there exist a 
nonnegative integer n and a mapping (respectively, one-one mapping) of {1, . . . ,n} 
onto A. 
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Many of the most important results in classical analysis depend on the least- 
upper-bound principle, which, in its full classical form, is not constructive. Fortu- 
nately, we have the following constructive least— upper— bound principle: 

Let 5 be a nonempty subset of IR, that is bounded above; then sup S 
exists if and only if for all real numbers a,/3 with a < f3, either (3 is an 
upper bound for S or else there exists x £ S such that x > a (0, page 
37, Proposition (4.3)). 

Using this as on page 94 of 0, we obtain one important application of total 
boundedness. 

Corollary 1. A uniformly continuous mapping of a uniform space X into IR 
has a supremum and an infimum. 

The notion of a located subset — one from which one can measure the di- 
stance to any point of the ambient space — plays a very significant role in the 
constructive theory of metric spaces. We now generalise that notion to the pre- 
sent context. 

Defiuitiou 4. A subset S of X is located if 

inf < ^Pt{x,y) :y £ S 

[ieF 

exists for each x £ X and each finitely enumerable subset F of I. 

It follows from the constructive least-upper-bound principle that S is located 
if and only if for each x £ X, each finitely enumerable subset F of /, and all real 
numbers a, j3 with 0 < a < /3, 

either Pi{x,y) > a for all y G S' 

or else there exists y £ S such that Y^^^p Pz{x,y) < (3- 

Proposition 2. A totally bounded subset of a uniform space is located. 

Proof. Consider a totally bounded subset S of X. Let a: G X, let F be a finitely 
enumerable subset of J, and let 0 < a < /3. Writing e = ^ (/3 — a) , construct a 
finitely enumerable e-approximation {si, . . . , s„} to S relative to F. Let 

d = inf < Pi{x, Sk) ■ 1 < k < n 

[i&F 

which exists as the infimum of a finitely enumerable subset of IR. Either d > a+e 
or d < (3. In the first case, given y £ S and choosing k {1 < k < n) such that 
YieF PiiV: Sk) < e, we have 

Pi{x, y)>'^ Pi{x, Sk) - ^ Pi{y, Sk) > d - e > a . 
ieF ieF ieF 

In the second case, there exists k {1 < k < n) such that YieF Sk) < j3. 

□ 
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Proposition 3. A located subset of a totally bounded uniform space is totally 
bounded. 

Proof. Assuming that X is totally bounded, let S' be a located subset of X. Given 
e > 0 and a finitely enumerable subset F of /, choose a finitely enumerable |- 
approximation {a;i, . . . , Xn} to X. Since S is located, we can write {1, . . . , n} as 
a union of subsets P, Q such that 

if fc G P, then Pi{s,Xk) > e/3 for all s € S, and 

if fc G Q, then there exists s G S such that Pi{s,Xk) < 2e/3. 

For each k G Q choose Sfc G S such that YieP Xk) < 2e/3. Given s G S, 
choose k {1 < k < n) such that Yier < e/3. Then k G Q and so 

Pi{s, Sk) < ^ Pi{s, Xk) + ^ Pi{xk, Sk) <e . 

ieF ieF ieF 

Thus {sk ■ k G Q} is a finitely enumerable e-approximation to S. □ 

We omit the proofs of the next three results, since they are simple adaptations 
of (4.7) on page 30 of |B|, (4.8) on page 31 of 0, and (4.9) on page 98 of 0, 
respectively. 

Theorem 1. Let {E,p) be a totally bounded pseudometric space, Xq a point of 
E, and r a positive number. Then there exists a closed, totally bounded subset 
K of E such that B(xo,r) C K C B(xo,8r). 

Corollary 2. If E is a totally bounded pseudometric space, then for each e > 0 
there exist totally bounded sets K\, . . . ,Kn, each of diameter less than e, such 
that E = Ki. 

Proposition 4. Let f be a uniformly continuous mapping on a totally boun- 
ded subset S of a pseudometric space E. Then for all but countably many real 
numbers t > m = inf {f{x) : x G S} the set 

St = {xGE:\f{x)\<t} 

is totally bounded; in other words, there exists a sequenee (tn))/Li interval 

(m,oo) such that St is totally bounded whenever t > m and t for each n. 

2 Continuous Linear Functionals on Locally Convex 
Spaces 

In the rest of this paper, X denotes a locally convex space with its topology 
defined by the family {pi)t^j of seminorms. Our main result. Theorem 0 iden- 
tifies certain useful totally bounded subsets of the kernel of a continuous linear 
functional on X. This requires some preliminaries; for the first of these, we recall 
that a mapping / between linear spaces is homogeneous if f{Xx) = Xf{x) for 
all scalars A and vectors x. 
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Proposition 5. Let (E,p) be a seminormed space, and let S he a balanced, 
totally hounded subset of E . If f : E ^ TF is a homogeneous mapping, uniformly 
continuous on S, then for each t > 0 the set 

St = {x G S : \f{x)\ < t} 



is totally hounded. 



Proof. Since S is balanced, it contains 0, and therefore inf {|/(x)| : x G S} = 0. 
Being totally bounded, S is bounded: there exists M > 0 such that p(x) < M 
for all X G S. Let t > 0 and 0 < e < 1. By Proposition E] there exists t' <t such 
that 

— < min -[ 2 , 1 H — 

t' I ’ 2M / 

and St' is totally bounded. Let {xi,...,x„} be an |-approximation to Sf. If 
X G St, then jX G Sf, so there exists j (1 < j < n) such that 



Then 
and so 



\ e 

p ( —X — Xj j < - 



P \ X -Xj < 



t £ 



< 



f'~n ' t'A '2 



p{x-Xj) <p{x-^Xjj +p -1 ) Xj 

<l+(^^-ljp(x,) 

<-+ 1]M<- + -=£. 

2 \t' I 2 2 



Thus the set {xi, . . . , x„} is a finitely enumerable £-approximation to S'*. □ 

The following criterion for the continuity of linear functionals in terms of 
families of defining seminorms enables us to show that in a locally convex space 
the sets St of Proposition 0 are totally bounded with respect to any finitely 
enumerable family of defining seminorms. (Here, continuity means continuity at 
each point of X, relative to the topology associated with the defining family of 
seminorms on X.) 



Proposition 6. A linear functional f on the locally conuex space X is conti- 
nuous if and only if there exist a positive real number C and a finitely enumerable 
subset F of I such that 

|/(x)| < Csupp*(x) (1) 

IGF 



for each x G X. 
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Proof. We include the (slightly adapted) well-known argument for the sake of 
completeness. Since / is continuous and /(O) = 0, the set {x £ X : \f{x) \ < 1} 
is open in X; so there exist ^ > 0 and a finitely enumerable subset F of I such 
that if Y^i^pPi{x) < 6, then |/(a:)| < 1. It follows that for each x £ X and each 
e > 0, 

f( 

vE*gfK(^) + ^ 

and therefore 

\f{x)\ < 5"^ + e 

\^eF 





Since e > 0 is arbitrary, we see that (1) holds with C = S ^ 



□ 



In the presence of linearity we can improve Proposition 0 substantially. 



Proposition 7. Let f be a eontinuous linear funetional on the loeally eonvex 
space X, and S a totally hounded subset of X. Then for all t > 0 the sets 

St = {x £ S : \f{x)\ < t} 

are totally hounded. 

Proof. Choose a finitely enumerable subset F of I such that (1) holds for some 
C > 0 and all x £ X, and let G be an arbitrary finitely enumerable subset of I. 
Since 

|/(a;)| <C pi{x) {x £ X), 

ieFUG 

f is uniformly continuous with respect to the seminorm '^i^p^jqPi on X. It 
follows from Proposition 0 that for each f > 0 the set St is totally bounded with 
respect to P U G. Given e > 0, choose a finitely enumerable £-approximation 
{x\, . . . , Xn} to St relative to F U G. Then for each x £ St we have 

Y Pi{x-Xj)<£ 
ieG ieFuG 

for some j (1 < j < N). Since e > 0 is arbitrary, we conclude that St is totally 
bounded relative to G. □ 



Theorem 2. Let (X, {pi)t^j) be a loeally eonvex space, S a balanced, convex, 
totally hounded subset of X, and f a nonzero linear functional on X that is 
uniformly continuous on S. Then S fl ker f of f is totally bounded. 

Proof. By Corollary 0 the real number 

G = sup{|/(a;)| : x £ S} 

exists. Since / is nonzero, we can choose x £ S with |/(a;)| > Then 

G 



Xo = 
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belongs to S, and |/(a:o)| = Let e be a positive number, F a finitely enume- 
rable subset of I, and t a positive number such that 



0 < t < 



£T 

1 + 4C-1 |F|’ 



where \F\ is the cardinality of F. Since (by Proposition EJ 



St = {x e S : \f{x)\ < t} 



is totally bounded, it has a finitely enumerable f-approximation {si,...,s„} 
relative to F. Setting 

Xk={l + 2C~^t) ^ (sk -2C~^f{sk)xo) (l<k<n), 

we have Xk & ker /. Also, for each i G I, 

Pi(xk) < (1 + 2C~^t) ^ {pi{sk) + 2C~^ \f{sk)\pi{xo) 

< {1 + 2C-H)~^ {1 + 2C~H) 

= 1 , 



so Xk belongs to S' Piker/. Now consider any element x of S Pi ker/. Since x G St, 
there exists fc (1 < fc < n) such that Y^ifzpPi{x — Sk) <t and therefore 

'^Pi{x - Xk) < '^Pr{x - Sk) + '^PtiSk - Xk) 

ieF ieF ieF 

< t + 2{C + 2t) 'y^PijtSk + f{sk)xo) 

ieF 

<t+2C~h E (Pi(sfe) +Pi{xo)) 

^eF 

< t{l + AC~^ |F|) 

< £. 



Thus, relative to F, the set {xi, . . . , x„} is a finitely enumerable e-approximation 
to S PI ker / . □ 

Under the hypotheses of Theorem 0 if / = 0, then S PI ker / equals Ai and 
is totally bounded. The following Brouwerian example shows that we cannot 
expect to prove that S PI ker / is totally bounded unless we know that / = 0 or 

Let a G IR, and define a linear functional / : IR — >■ IR by /(x) = ax. Then / 
is bounded — it has norm equal to a — and the unit ball [—1,1] of IR is balanced, 
convex, and totally bounded. Suppose that K = [—1, IjPiker / is totally bounded, 
so that s = sup AT exists. Either s > 0 or s < 1. In the first case there exists 
X yf 0 in IR with /(x) = 0, so a = 0; in the second we have -• (/(I) = 0) , so 
-■(0 = 0 ). Thus Theorem O without the hypothesis / = 0 V / 0 implies that 



Vx G IR (x = 0 V -1 (x = 0)) 
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a statement that is known to be essentially nonconstructive. 

Theorem 13 has an important application in the context of a Hilbert space H. 
In this application, X = B{H) is the space of all bounded operators H, and the 
defining seminorms are the mappings of the form T i— >■ (Tx, y) with x,y G H; the 
corresponding locally convex topology is called the weak— operator topology 
Tw on B{H). The unit ball of B{H) is the set 

B^{H) = {Tg B{H) -.yxGH (||Tx|| < ||x||)} , 

which is Tu,-totally bounded. 

We use Theorem El to avoid invoking an unnecessary separability hypothesis 
in the following result. 

Theorem 3. Let H be a Hilbert space, TZ a linear subset of B{H) whose unit 
ballR-i — TZnBi{H) is r^-totally bounded, and f a linear functional on TZ that is 
-uniformly continuous on TZi. Then f extends to a linear functional on B{H) 
that is Tyj-uniformly continuous on Bi{H) and has the form 

OO 

f{T) = Y,{TXn,yn) 

n—1 

with (x„) , (?/„) elements of the direct sum H of a sequence of copies of H. 

The proof of this theorem is found in 
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Abstract. This paper introduces diametrical graph automorphisms. A 
graph automorphism is called diametrical if it has the property that the 
distance between each vertex and its image is equal to the diameter of the 
graph. The structure of diametrically automorphic graphs is examined. 
The complexity of recognizing these graphs is shown to be NP-complete 
in general, while efficient algorithms for cographs and circular arc graphs 
are developed. The notion of distance lower bounded automorphism is 
introduced in order to apply the results on diametrical automorphisms 
to a wider range of automorphisms. 



1 Introduction 

The problem to decide whether a given graph possesses a non-trivial automor- 
phism is well studied (see P] for a survey). In this paper a specific kind of 
automorphisms, called diametrical automorphisms, are studied. These are auto- 
morphisms satisfying an additional requirement, which is defined below. 

The following notation and terminology is used: A graph G with set of vertices 
V{G) and set of edges E{G) C U x U is written G = (U(G), A(G)). Only 
connected simple graphs (undirected, no multi-edges, no loops) are considered. 
The distance between two vertices v and w is written d{v,w), possibly using a 
subscript to specify the graph in which the distance is measured, eg. da{v,w). 
The diameter of a graph G is denoted d{G). The (closed) neighbourhood of v is 
N[u] = {u}U{r(; | {v,w) G E}. Disjoint union is written 1+1. Two vertices v and w 
are said to be in the same cell if there is an automorphism such that tt.v = w. 
An automorphism is said to be stable on a set of vertices if it projects the set 
onto itself. 

Definition 1. A graph G is said to be diametrically automorphic or D.A. if 
there exists an automorphism tt on G with the property that d{v, tt.v) = d{G) for 
all vertices v. tt is then called a diametrical automorphism. 

For some classes of graphs known from the literature all members are D.A. 
Examples are: the cycles G„; the circulants G„(ai, 02 , . . . , Or); the complete gra- 
phs Kn] the complete multipartite graphs Alno,...,nr) with > 2 for all 0 < f < r; 
the octahedra 0„ = nK 2 - 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 204-^1^ 1999. 

(c) Springer- Verlag Berlin Heidelberg 1999 
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Classes for which no member is D.A. include trees with more than 2 vertices 
and chordal graphs (except The latter fact is established in Cor. 0 

The related notions of fixed-point-free and (co)affine automorphisms have 
been described before (ini and ims], respectively) and are defined as: 

Definition 2. Let it be an automorphism on a graph G = (V,E). Then 
(ij 7T is said to be fixed-point-free when \/v € V \ v ^ tt.v. 

(a) 7T is said to be affine when \/v € V : {v,tt.v) € E. 

{Hi) 7T is said to be coaffine when tt is affine on G. Then 'iv £V : d{v, n.v) > 1. 

Just as for D.A. graphs, a graph is called fixed-point-free etc. if there is an 
automorphism on the graph that is fixed-point-free etc. These definitions can be 
unified by introducing the notion of distance lower bounded automorphisms. 

Definition 3. An automorphism tt on a graph G is said to be k distance lower 
bounded or dl]^, if d{v,Tr.v) > k for all vertiees v. 

Then D.A. is dld{c)^ coaffine is dl 2 and fixed-point-free is dli. Furthermore 
every automorphism is dig and no automorphism is dld(G)+i- Obviously, if tt is 
dlk+ii then tt is dlk- Similarly, the class of dl^+i graphs is a subset of the class 

01 dlk graphs. 

Note however, that D.A.-ness does not truly fit into this hierarchy: A lower 
bound on d{v,TT.v) is fixed over all graphs in a dlj- automorphism, whereas it 
depends on the graph for a diametrical automorphism. 

2 The Structure of D.A. Graphs 

An obvious constraint on the structure of a D.A. graph is that the graph should 
be equal to its center - it is self-centered or equi-eccentric - and hence 2- 
connected. Next, define the eccentric graph A{G) of G as follows: A{G) has 
the same set of vertices as G, and (u,v) G E{A{G)) iff dciu^v) = d{G). If tt 
is a D.A. on G, then tt .v , .v , . . . , is a cycle in A{G). Moreover, every 

vertex of G is part of precisely one such cycle, so a diametrical automorphism 
on G induces a cycle cover on A{G)] the converse does not hold. The following 
theorem gives more information on the cycles of G itself. 

Theorem 4. Let G be a graph with diameter d, let tt be a dlk automorphism 
on G with k > 0, and let v be a vertex of G. Then: 

(i) A chordless cycle of length at least 2k exists containing both v and tt.v. 

{ii) If k = d, then a cycle of length 2d or 2d+ 1 exists containing both v and tt.v. 

Proof, (i) Let p be a shortest path from v to tt.v. Then p, 7r.p, Tr^.p, ... is on a 
simple cycle c, with c having length at least 2|p| > 2k. If c does not contain a 
chord, then the theorem becomes true. 

If c does contain a chord (r, s), then the distance between r and s measured 
along c is at least 2k — 1: If it were less, then d(r, tt.t) < k. Hence, there is a I 
such that both Trfv and tt^~^^ .v are on the cycle r, . . . , s,r, with r, . . . , s on c. 
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Let (x, y) be a chord of c, with the distance between x and y measured along 
c minimal over all chords. By this minimality, the cycle x, ... ,y,x is chordless. 
By the previous paragraph, it has length at least 2k and contains both .v and 
TT^+^.u, for some 1. The theorem follows. □ 



Corollary 5. {ij The only chordal graphs that are diametrically automorphic 
are the complete graphs. 

(ii) For every automorphism tt on a chordal graph, there is a vertex v such that 
either v = tt.v or (v,tt.v) S E. 

Proposition 6 (HI)- Let e be the number of edges of a D.A. graph with n 
vertices and diameter d> 1, then: e > {nd — 2d — l)/(d — 1) 



Theorem 7. Let e be the number of edges of a D.A. graph with n vertices and 
diameter d > 1, then: 



f (n- 

f (t-d+2) 



if d = 2 
if d>S 



Proof. The number of edges is at most n/2 times the maximal degree of a vertex. 
An upper bound on the degree of a vertex v can be established by picking a 
shortest cycle (of length 2d or 2d + 1) through v and tt.v and distributing all 
vertices that are not on this cycle evenly among v and tt.v. □ 

The lower bound of Prop. 1^1 is the minimal number of edges in a self-centered 
graph. The upper bound of Th. Qis straightforward, but for d n still better 
than the general {n'^ —And+bn—Ad^ — 6d) /2 upper bound for self-centered graphs 
g]. Although the upper bound of Th. Qis tight for d < 3, it is not expected to be 
tight for d > 3, because it may not be possible for all vertices to be of maximal 
degree. The following conjecture gives an upper bound that is expected to be 
tight. 



Conjecture 8. Let e be the number of edges of a D.A. graph with n vertices and 
diameter d > 3, then: 



e < ^ + l) +‘2{n-d) 
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The motivation for this bound is the following: 

When partitioning n vertices into cliques such that the total number of edges 
is maximal, it is beneficial to create as few cliques as possible and make these 
cliques as big as possible. Furthermore, every clique is vertex-disjoint to its image 
under a diametrical automorphism. Hence, for every k, a D.A. graph contains 
either at least two cliques of size fc, or none. Combining these two observations, 
construct a graph that consists of two cliques of maximal size, connected by two 
paths, see Fig.Ql This graph contains 2(n/2 — d-|- 1) -1-4 vertices of the maximal 
possible degree n/2 — d+2 and 2(d — 3) vertices of the minimal possible degree 
2. This gives the conjectured bound. 

3 Recognizing D.A. Graphs 

Define the D.A. problem as the problem of deciding whether a given graph 
possesses a diametrical automorphism. In this section it is proved that the D.A. 
problem is NP-complete. Next, two algorithms are given that can be used to 
solve the problem in polynomial time for a specific class of graphs. 

First, it is proved that the D.A. problem is NP-complete. This is done by 
reducing the fixed-point-free automorphism problem m to the D.A. problem: 
A graph G' is constructed from G in such a way that G' has a diametrical 



automorphism iff G has a fixed-point-free automorphism. 

Definition 9. Let G = (V, E) be a graph. Then the graph G' = (V',E') is 
defined by 

V' = V U EU {tv,uv}U {ta^ua} (1) 

E' = {(ui, Cj) \ €j € E is incident to Vi €V in G} (2) 

^{{tG,v) ,{uG,v) \v eVUE} (3) 

{(tv,v) ,{uv,v) \v gV} (4) 



The construction is the following: Each edge in G is split in two, adding a 
vertex in the middle Q . Every vertex in this subdivision graph of G is connected 
to new vertices tq and uq ( 0 . Furthermore every vertex that was present in G 
is connected to new vertices ty and uy ®. The resulting graph is depicted in 
Fig.0 This construction ensures (a) that the distance in G' between any two 
vertices in V is equal to d(G') = 2, and (b) that tt is an automorphism of G' iff 
the restriction of tt to P is an automorphism of G. 

Theorem 10. Recognizing D.A. graphs is NP-complete. 

Proof. Note that D.A. is in NP. We claim that G' constructed as in Def. Elis 
D.A. iff G is fixed-point-free. This proves NP-completeness of D.A, because re- 
cognizing fixed-point-free graphs is NP-complete na, and G' can be constructed 
in polynomial time. 

When examining the automorphism partition of G' it becomes apparent that 
{tctUc} form a cell because they have the same set of neighbours V U E and 
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no other vertex in G' has degree \V\ + \E\. Furthermore, {tv,uv} form a cell 
because these vertices have the same set of neighbours V and they are the only 
vertices in V{G') \ {tc,uc} that are not adjacent to tc,uo. Because of this 
cell every automorphism of G' must be stable on both V and E. Hence, if tt' is 
defined by 

tt' .V = TT.V 

tt' .{u, v) = {tt.u, tt.v) 
tt' .tv = uv tt' .uv = tv 

tt' .to = UG tt'.ug = to 

then tt' is an automorphism on G' iff tt is an automorphism on G. Examination 
of the distances between vertices in G' shows that tt' is D.A. iff Vu G F : tt.v ^ v, 
in other words iff tt is fixed-point-free. □ 

Because d{G') = 2, this also proves that recognizing coaffine graphs is NP- 
complete. The general dlk problem can be proved NP-complete through a simple 
reduction: 

Theorem 11. Recognizing dl]^ graphs is NP-complete. 

Proof. Let G be a graph with n vertices and let 3 < fc < d(G) — 1. The cases 
k = 1, k = 2 and k = d{G) are already proved. Create a graph G' by connecting 
an instance of the gadget of Fig.Elto each pair of vertices u, v with the property 
that dciu^v) = d{G), then: dG{u,v) = d{G) ==> dG'{u,v) = k. 

Because G cannot contain an n-clique, any automorphism of G' permutes 
these gadgets among themselves. It follows that G' is dlk iff G is D.A. □ 



vGV 
{u, v) G E 



3.1 Diametrically Automorphic Cographs 

The Zykov-join G * PI of G and H is formed taking the disjoint union of G and 
H and adding all possible edges between G and H. Cographs are defined as: 

Definition 12. The class of cographs is defined recursively as: (ij K\ is a co- 
graph. (ii) IfGi,i G I are cographs, then ^i^jGi is a cograph. (Hi) If Gi,i G I 
are cographs, then 1+Jjgj Gi is a cograph. 
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Fig. 3. A gadget to reduce dlk automorphism to D.A. 



Proposition 13. Let G = ^i^jGi with |J| > 2, then d{G) = 1 if \/i G I : 
d{Gi) < 1, and d{G) = 2 otherwise. 

For a background on cographs, see [^. Associated with every cograph G is a 
unique rooted tree, the cotree Tq of G. If u is a vertex in Tq, the tree rooted at 

V is written T{v). The cograph represented by T{y) is G{v). The set of children 
of V is G{v). Each leaf of Tq represents a vertex of G, while an internal vertex 

V of Tg is either a ^-vertex or a l±l-vertex. The former represents ^uigC(?;) G{w), 
the latter 1+Ju,g(;7(„) G(w). *-vertices and W- vertices alternate on every path from 
the root to a leaf. 

Like many other algorithms on cographs (cf. J2]), the algorithm to determine 
whether a cograph G is D.A. proceeds from the leaves of Tq to the root. To 
every vertex v of Tq three attributes are assigned, whose values are computed 
from the attributes of u’s children. 

Lemma 14. Let v be a vertex in a eotree, then v is assigned three attributes I, 
d and a: 

l{v), a label such that l{v) = l{v') <G> G{v) ~ G{v'), 
d{v), with d{v) = d{G{v)), 

a{v), a boolean which indicates whether a coaffine automorphism on G{v) exists. 
The following rules correctly maintain the meaning of the attributes d and a: 

= 0 

= False 

j 1 ifVw G G(u) : d{w) = 0, 

1 2 otherwise. 

= A 

x^C{v) 

= CX5 

= A V G C{v) : l{x) = l{y)) (6) 

x£C(v) 

Proof. The case for a leaf is trivial. Assume the attributes have been determined 
for all children of an internal vertex v. 



V is a leaf: 


d(v) 




a(v) 


V is a ^-vertex: 


d(v) 




a(v) 


V is a [i)-vertex: 


d(v) 




a(v) 
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1. t) is a ^-vertex. As the children of a vertex are either leaves (diameter 0) or 
1+1- vertices (disconnected), the correctness of d follows directly from Prop. El 
Let w G C{v) and x G V(G(w)). If tt is a coaffine automorphism on G(v) 
then 7T.X G V(G(w)), because otherwise d{x, n.x) = 1. This means that tt = 
U-u)GC(j;) where pw is a coaffine automorphism on G{w). The correctness 
of a follows. 

2. u is a l±l-vertex. Since G{v) is disconnected, the value of d{v) is correct. 
A coaffine automorphism can project a connected component G{x) of G{v) 
either onto itself, when a{x) = True, or onto another connected component 
G{y), when l{x) = l{y). 

□ 



Theorem 15. Determining whether a cograph G is D.A. can be done in 0(|P|-|- 
|if|) time. 

Proof. First the cotree Tq, with root r, is computed using the algorithm from 
0 in 0{\V\ + |A|) time. Using Lemma IT^ the attributes a{v) and d{v) can be 
computed in 0(|(7(w)|) time, hence in 0(|U(G)|) time in total. The common tree 
isomorphism algorithm (see eg. Q) calculates the labels I in the same bound. 
The theorem follows because G is D.A. iff d{r) < 1 V a(r). □ 

Because of the limited diameter of cographs, this covers the general dlk, k > 1 
problems. The case k = 1 can be solved by replacing formula (0 by ®. 

3.2 Diametrically Automorphic Circular Arc Graphs 

Circular arc graphs are graphs that possess an intersection model consisting 
of arcs of a circle (see eg. m)- Interval graphs are graphs that possess an 
intersection model consisting of intervals of a line. The interval graphs form a 
proper subset of the circular arc graphs. A circular arc graph that possesses an 
interval model is called degenerated. As every interval graph is chordal, it follows 
from Cor. 1^ that an interval graph is D.A. iff it is complete. In this section an 
algorithm is developed that decides whether a circular arc graph is D.A. 

If u is a vertex of a circular arc graph, the arc representing v is written 
A{v) = {a{v),uj{v)), with a{v) denoting the counterclockwise endpoint of the 
arc, and to{v) the clockwise endpoint. The same notation is used for an arc x 
directly: x = (a{x),uj{x)). All endpoints are assumed to be distinct. The relative 
positioning of two different arcs is named as follows: 

Definition 16. Let x,y be different vertices of a circular arc graph G and con- 
sider a circular arc model of G. Then A{x) and A{y) are positioned in one of 
the following ways: 

1. The endpoints appear in the cyclic order a{x) uj{x) a{y) oj{y). 

A{x) and A{y) are said to be independent. 

2. The endpoints appear in the cyclic order a{y) a{x) uj(x) cu(y). 

A{x) is said to be contained in A(y), which is also written as x <G y. 
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3. The endpoints appear in the cyclic order a{x) uj{y) a{y) uj{x). 

A{x) and A{y) are said to cover the circle. 

4-. The endpoints appear in the cyclic order a{x) a{y) lo{x) oj{y). 

A(x) and A(y) are said to strictly overlap. If this order is clockwise the 
notation x < y is used. 

Let 1V[?;] be the closed neighbourhood of v, then the intersection models used 
in this section are assumed to be normalized in the following sense m-- 

Definition 17. An intersection model of a circular arc graph G is said to be 
normalized if for all vertices x,y of G the following conditions hold: 

1. A{x) and A{y) are independent iff (x,y) ^ E{G). 

2. A{x) is contained in A{y) iff N[x] C N[y], 

3. A{x) and A{y) cover the circle iff 

— {x,y) G E{G) and both A^[a:] — N[y] and N[y] — are non-empty 

— and \/w ^ fV[x] : N[w] C N[y] and Vw ^ N[y] : C N[x]. 

4-. A{x) and A{y) strictly overlap iff 

— {x,y) G E{G) and both A^[a:] — N[y] and N[y] — N[x] are non-empty 

— and not (Ww ^ iV[a:] : C N[y] and Vw ^ N[y] : fV[u'] C N[x]). 

There are two limitations on the existence of a normalized model for a non- 
degenerated circular arc graph G. The first is that a vertex v with Ai[u] = V{G) 
should not exist: all other arcs must then be contained in A{v). However, the 
only D.A. circular arc graphs that contain such a vertex are the complete graphs, 
which are degenerated. The second limitation is that there should not be two 
vertices x and y such that N[x] = N[y], These vertices can be fit into the model 
by representing them by the same arc. 

Note that normalized models need not be unique. In this section all circular 
arc graphs are assumed to be normalized and not degenerated. 

Diametrical automorphisms on a circular arc graph have the nice property 
that they preserve vertex ordering; a diametrical automorphism can be seen as a 
rotation of the model of the graph. In the next theorem this property is proved. 

Proposition 18. A D.A. circular arc graph does not contain a pair of vertices 
whose corresponding arcs cover the circle in a normalized model. 



Theorem 19. Let v,w be vertices of a circular arc graph G, and tt a D.A. on 
G. Then the order of the endpoints of tt.v,tt.w is precisely the same as the order 
of the endpoints ofv,w. 

Proof. Consider vertices v and w such that w is the first vertex encountered 
clockwise from v, ie. : a{x) G (a(u), a(ui)). The case where v D w is 
trivially true, so only the cases where v ^ w and where (u, w) ^ E(G) need 
to be considered. The latter case can only exist if v and w are contained in 
a common vertex (otherwise G would be degenerated), so the theorem can be 
proved by examining the following three cases: 
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(a) (b) 



Fig. 4. Illustrating Theorem cni 



1. V ^ w and ty is on a shortest path from v to tt.v. 

As d{w, tt.v) = d(G) — l and {tt.v, tt.w) € E{G) it follows that w, . . . , tt.v, tt.w 
is a shortest path. But if tt.w -< tt.v, then tt.v would not be on this shortest 
path. So TT.V TT.W. 

2. V ^ w and w is not on shortest path from v to tt.v. 

Let v,Vi,V 2 , . . . , TT.V be a shortest path, then v Vi. Because w is not on a 
shortest y-Tr.y-path, it follows that (w,V 2 ) ^ E{G), and w -< v\. Therefore, a 
vertex t exists such that t ^ A^[u], t G iV[ry] and t G iV[wi]. Then TT.t ^ N[tt.v], 
TT.t G N[tt.w], TT.t G A^[7r.ui] and, by the previous case, tt.v -< tt.v\. In order to 
establish a contradiction, suppose tt.w -< tt.v (see Fig. 0a)) . Then the overlap 
between tt.w and TT.t is outside the segment {u>{TT.v),a{TT.t)), implying that 
either tt.w G A^[ui] or TT.t G iV[t] which cannot hold if G is not complete. 

3. {v,w) ^ E{G), V C X and w C x. 

Let v,vi, . . . , Vn, TT.V be a shortest path, then x,vi, . . . , u „, tt.x is also a shor- 
test path. Because (vn,TT.v) G E{G) and {tt.v,tt.vx) G E(G), the arc x can 
be partitioned into five consecutive segments (see Fig. EJb)): 

a(x) ■ ■ ■ a(v) ■ ■ ■ w(tt~^ .V n) ■ ■ ■ a.{vi) ■ ■ ■ oj{v) ■ ■ ■ u>{x) 

The position of w in these segments determines the position of tt.w uniquely, 
thereby preserving the order of v and w. 

□ 



Corollary 20. Let the vertices of a circular arc graph G be numbered from 
0 . . . |I^(G)| — 1 in the clockwise order of their counterclockwise endpoints (ie. as 
they are discovered by a clockwise scan of the model, starting at vq). 

Then a diametrical automorphism tt on G is of the form tt : Vi ^ I’iefc, where 
0 denotes addition mod |R(G)|. 

For brevity, a vertex will be identified with its number, writing v < w instead 
of V = Vi, w = Vj,i < j. 

The shortest path from u to w is contained in either {a{v),Lo{w)) or in 
{a{w),Lv{v)). The shortest path contained in such a segment {a{x),w{y)) is cal- 
led the clockwise shortest path between x and y and its length is the clockwise 
distance d‘^{x,y), with the equality d{x,y) = min{d'^ {x , y) , d‘^ {y , x)) holding. 

Consider a circular arc graph G with its vertices numbered clockwise, as in 
Cor. 1201 Let v,v\, . . . ,Vn,w be a clockwise shortest path, with v < w. Then 
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Vi < except possibly vi < v. This exception occurs when v C vi. This 

implies that for A: > 1 , the vertices t such that <F(v,t) = k are sequential, so by 
defining for all u G F (G) 

dl(u) = min{w | d‘^{v,w) = d{G)} dh(u) = max{zi; | d’^{v,w) = d{G)} (7) 

dl(G) = max{dl(u) — n| dh(G) = min{dh(u) — u} (8) 

V V 

we get for any 1 < fc < d{G) 

(Vu : d{v, v®k) = d{G)) ^ dl(G) <k< dh(G) . 

Following this, determining whether a circular arc graph is D.A. can be done 
by first determining the clockwise distance between all pairs of vertices, next cal- 
culating d(G), dl(G) and dh(G) and finally checking whether a fc G [dl(G), dh(G)] 
exists, such that : ?; — >■ u © fc is an automorphism. 

The final step requires an efficient way to compare rotations of a circular 
arc model. What makes up a circular arc model is the order and length of the 
arcs. The length of an arc can be measured in the number of counterclockwise 
endpoints it contains: length(u) = |{rc | a{w) G (o!(u), w('y))}| 

By labelling every arc with its length and concatenating these labels in the 
clockwise order of the arcs, a string representation of the model is created. The 
precise order of the clockwise endpoints is lost in this representatioifl, but the 
intersection relationship between arcs and hence the model is not affected by 
this loss. This string representation allows for an efficient D.A. algorithm: 

Theorem 21. Determining whether a circular arc graph is D.A. can be done in 
0(|Fp) time. 

Proof. First, a circular arc model of G is created in G(|t7|2) time using P| and 
it is normalized in the same time using the algorithm in ^ p.415]. Next, the 
clockwise distances between all pairs of vertices are calculated in the same bound 
by (a . Then dl(G), dh(G) and d{G) are calculated by a nested loop implementing 
(0. The time consuming phase in the creation of a string representation r of 
the model is the calculation of the lengths of the arcs. This takes 0(|y|) for 
each arc and 0(|yp) in total. Finally, the string matching algorithm of Knuth, 
Morris and Pratt (see 0, Ch.34.4]) is used to determine in 0(|r|) = 0(|P|) time 
whether r occurs in rr with shift A:,dl(G) < k < dh(G). □ 

The general dlk problem can be solved by the same algorithm by making the 
appropriate changes to 0. 

4 Discussion 

Although the bound on the distance between a vertex and its image is fixed in 
dlk automorphisms, and depends on the graph in diametrical automorphisms, 

^ The order of the clockwise endpoints can easily be stored by inserting a special token 
followed by a length into the string. 
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results could readily be adapted from one to the other. The structure of D.A. 
graphs and the precedent set by coaffine automorphisms [1811 4| suggest that 
D.A. or dlk automorphisms can be used for investigating the properties of cycles 
or graph operators. The operators most vulnerable to this attack are probably 
those defined in terms of distances between vertices, or in terms of cycles. 

The lower bound on the number of edges in a D.A. graph with given diameter 
was shown to be 17(|1/|), while the upper bound is 0{\V\'^). This would suggest 
many D.A. graphs exist, but the enumeration problem was not tackled — how 
many D.A. graphs on a given number of vertices (and, optionally, edges) do exist? 
And is the conjectured tight upper bound on the number of edges correct? 
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Abstract. We define some class of regular expressions equivalent to 
event-clock automata. It is shown that regular expressions cannot be 
given a compositional semantics in terms of timed state sequences. We 
introduce a modified version of timed state sequences supporting a par- 
tial operation of concatenation on which we may build the semantics of 
regular expressions. A forgetting map then induces a semantics in terms 
of the classic version of timed state sequences. We also define several 
types of languages of automata in terms of classic or modified timed 
state sequences. Two Kleene theorems, one for each type of timed state 
sequences, relating expressions and event-clock automata are proved. 



1 Introduction 



Automata models of real-time systems have proved instrumental in the verifica- 
tion of real-time systems jAhhdlAf'Hhdj . They have been studied with the hope 
that the classical decidability results and the relationship to temporal logics can 
be adapted in the real-time framework, hence giving powerful decidable real-time 
logics. However the program has not reached its scope, since there is no fully 
satisfactory class of automata fitting the above requirements. Timed automata 
of prrm] are too powerful, having a decidable emptiness problem but an un- 
decidable complementation problem. Real-time automata in spite of their 

decidability of the complementation problem, have too little expressive power, 
being unable to capture behaviors of distributed real-time systems Eig. Ano- 
ther proposal are event-clock automata |A KHh4j (EGA for short), which, in their 
introductory paper, were shown to have a decidable complementation problem 
as they are determinizable. These automata have also sufficient expressive power 
and have served as a guide for defining some real-time logic [IH,Sh7IHR,Sf)S] . 

Another subject for research was the relationship of automata to some regular 
expressions. As yet just timed automata IAGMf)7l and real-time automata ini2] 
have been the subject of this question, but only real-time automata have proved 
satisfactory since as (languages accepted by) timed automata have a weak Kleene 
theorem in the sense that it involves renaming, and it is still an open question 
if regular expressions in lAGMhVI are equally expressive to timed automata. 

Here we investigate the class of languages accepted by EGA for their rela- 
tionship to some regular expressions. The expressions in study have the same 
form as the labels of the transitions on EGA, i.e. are composed of a letter or 
the empty word e and a constraint on the history and prophecy clocks. We call 
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concatenation of these expressions chop. It turns out that the constraints on the 
left-hand side of chop may refer to points after the chopping point. We are lead 
to consider a modified version of timed state sequences of Ennn, in which we 
add information about some interval to which attention is restricted (we call 
them TSS with limited observation). This allows us to define the chop of two 
TSS with limited observation only iff they have the same underlying TSS, hence 
chop being a partial operation. This is then lifted to a total operation on sets 
of TSS with limited observation. We also show that, if we assume the idea that 
constraints on one part of chop may refer to points on the other part of chop, we 
cannot define semantics of the regular expressions in terms of a concatenation 
operation on TSS. 

We also study here EGA with e-transitions, not yet defined in the litterature. 
Why e-transitions, if EGA are not closed under renaming and hiding !AFH94j? 
The reason lies in their relationship to the logic proposed in |F},S97IHT},S9S| . Take 
e.g. the formula 0>=ip (which is to be read as “there is some time point t such 
that the first time point t' > t a,t which p starts to hold must satisfy t' — t = 1”). 
The formula might be associated to the state-clock automaton in figure 1 (see 
for details). 







Intuitively the automaton may be in states 1 or 4 at some time point r only 
if the value of variable p is true at r, while during the stay in states 2, 3 or 5 the 
value of p must be false. Some transition may be taken at time point r iff the 
values of the variable p before and after r fit the respective labels of the states 
and the constraint on the transition is true at r. The constraint = 1 is true 
at some time point r iff the next time point t' at which p becomes true satisfies 
t' — T = 1 (this implies that p is false at r). The automaton is built such that 
it stays in states 1 or 2 before the time point t, at moment t it goes to 3 and 
at time point t' it goes to 4; after this it stays either in 4 or in 5. Hence it is 
equivalent to the above formula. Note that transitions 1 to 2, 2 to 1 etc. involve 
also a change in the value of p; but there is also the transition 2 to 3 which is 
identified only by the moment at which the constraint becomes true. We argue 
that, when transforming this automaton into an EGA, the transition from 2 to 3 
has to be an e-transition by the intuition that an action (i.e. letter) occurs only 
when some variable changes its value. 

Note then that in the presence of e-transitions the algorithm in |AFH94| 
does not give a deterministic EGA as the e-transitions have to be removed first 
- the same holds in the classical setting m- In fact the notion of deterministic 
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automaton of IAKH114I has to be redefined. The problem of the elimination of 
e-transitions is solved in PH. 

The paper runs as follows: we introduce in the next section extended TSS 
(ETSS for short) which allow us to define the language of an EGA with e- 
transitions and ETSS with limited observation (LETSS for short) with the par- 
tial concatenation ( “chop” ) on them which allows defining the semantics of re- 
gular expressions. In the third section we define EGA with e-transitions and e- 
regular expressions. We associate two types of semantics to regular expressions, 
one in terms of LETSS and one in terms of TSS. Only the first one is compositio- 
nal, the other one is not and comes via some “forgetting” map. Also we associate 
to each EGA four languages: the first language, in terms of ETSS, is the natu- 
ral one, as it extends the definition of lAKHfidI to EGA with e-transitions; the 
second language, in terms of TSS comes via the forgetting map. But, since we 
cannot prove the Kleene theorems unless we define chop on automata too we also 
need some language in terms of LETSS, which is the third type. The fourth type 
language is again in terms of TSS and comes from the third via some forgetting 
map too. An important property showed here is that the second and the fourth 
types of languages, though being not the same for a given EGA, have equal 
expressive power. The fourth section contains the proof of the Kleene theorem 
relating the first type semantics of some e-regular expression and the third type 
language of some EGA. As a corollary we obtain the (desired) Kleene theorem 
saying that e-regular expression and EGA have the same expressive power w.r.t. 
their TSS semantics. We end with some comments and topics for further study. 



2 Preliminaries 

We fix a finite set of letters S. For a word w G S* we denote by |w| its length. 
[n] is the set of natural numbers {!,... ,n}. Notations IR>o and IR>o are for 
the sets of nonnegative, resp. positive reals. Similarily Q>q stands for the set of 
nonnegative rationale. 

Definition 1. An extended timed state sequence (ETSS for short) is a tuple 
(w,T,I) consisting of a word w G S* , a strictly increasing function t : [m] — >■ 
]R>o with m > |w|, called the sequence of time points of the actions and a 
subset I of [m] having card{I) = |w|. 

We denote dom^r) the domain [m] of the sequence of time points r and by 
range(r) the range of r. 

An ETSS intuitively models the behavior of a real-time system in the follo- 
wing sense: the letters in S are the observable actions, the empty word e repre- 
sents an inobservable action and r holds the time points at which actions occur. 
Moreover observable actions occur only at r(i) with i G I. Hence, if we consider 
that / consists of ji < j 2 < ■ ■ ■ < j\w\ we can define, for each i G dom^r), the 
i-th symbol of the ETSS as being e (the empty word) iff i ^ I or the A:-th letter 
in w iS i = jk G I and denote this by w[i]. Then w = w[l]rc[2] . . . w[card{I)]. 
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A natural equivalence arises on ETSS: two ETSS (wi,Ti,Ii), i € [2] are 
equivalent, denoted ~ {w2,T2, I2), iff wi = W2 and the time points 

of observable actions are the same, i.e. if we list each li in increasing order as 
h = {fi, ■ ■ ■ , then ri(j^) = T2OI) for all k € [|wi|]. 

A representative in each equivalence class can be defined as follows: for an 
ETSS a = (w,T,I), where I is listed in increasing order as / = {ji, . . . , j|u,|}), 
we define a function 9 : [|w|] — IR>o with 6{k) = T{jk) for all k G [|w|]. If we 
pair the word w with 9 we actually get the following definition: 

Definition 2. A timed state sequence \AD94\ (T’SS for short) is a pair {w, 9) 
consisting of a word w € E* and a strictly increasing function 9 : [|w|] — > IR>o. 

Hence in a TSS we know only the time points of the observable actions. Clearly 
they are special kind of ETSS, in which / = dom(j). Simple verification shows 
that the map [•] from the set of ETSS to the set of TSS defined as [(w, r, /)] = 
(w, 9) where 9 is defined above maps two equivalent ETSS to the same TSS. Thus 
TSS can be thought of as representatives for each equivalence class of ETSS. 

On ETSS we can also define concatenation as an extension of the concatena- 
tion on words: given two ETSS and (w2,T2,I2) with dom{ri) = [mi\ 

(z G [ 2 ]) define (wi, ti, 7 i) • (w2, T2, 12) = {wiW2,t, I) where dom^r) = [mi-|-m2] 
and 

T(i) = I ^ 

^ [ Ti(mi) -I- T 2 (z — mi) iff mi -|- 1 < z < m-i -|- m2 

Concatenation can then be extended to sets of ETSS as usual. We denote by 
• this extension. Concatenation can be defined on TSS too, as TSS are special 
kind of ETSS. 

A third basic notion is the following: 



Definition 3. An ETSS with limited observation (LETSS for short) is a 
tuple {w,T, I ,ti,t2) where is an ETSS and 0 < < ^2 <00 



The intuition is that observation of the system is restricted to the interval \ti,t2\- 
LETSS are essential in giving semantics to regular expressions. 

The underlying ETSS of a LETSS is defined by sub{{w, t, I, ti,t2)) = {w, r, I). 
The equivalence relation on ETSS can be straightforwardly extended to LETSS 
by putting two LETSS equivalent when their underlying ETSS are. Then we can 
define a map [[•]] as the composition of sub with [•]. This map also makes TSS 
as representatives of equivalent LETSS. 

We can also define concatenation of LETSS, but in a rather different manner 
than on ETSS: it is a partial operation, defined when both operands have the 
same underlying ETSS and when the endpoint of the interval of observation of 
the first equals the initial point of the interval of observation of the second: 



t2 = 1ti 






{w, r, /, ti, U2) iff w = w', t = t‘ 
undefined otherwise 



Kleene Theorems for Event-Clock Automata 219 



This operation is then extended to a total operation on sets of LETSS: 

Ti;T2 = {{w,T,I,ti,t3) I 3 t 2 G such that {w,t, I,ti,t2) G Ti and 

{w,T,I,t 2 ,h) G T2} 



Note that {{w,T,I,ti,t2)}\ {(w, r, /, ^2, is)} = {(w, r, /, ti, ts)} while 
{{w,T,I)} = {{ww,t' , I')} for some r' and I'. Hence 

Remark 1 . Given two sets of LETSS Ti and T2, sub{Ti\T2) does not equal 
sub(Ti) ■ sub(T2) in general. 

In the sequel we remind the use of clocks in association with an ETSS: 

We associate with each letter a of if two symbols, a history clock Xa and 
a prophecy clock ya- Denote then H{S) = {xa \ a G if} and P{S) = {ya \ 
a G if}, the respective copies of if that arise this wajQ. The use of the clocks is 
connected to each ETSS as follows: at each time point t G IR>o we can define 
the value of the clock Xa as the time elapsed since the last occurence of letter 
a in the ETSS; if no such occurences, put Xa = T. Similarity, ya holds the time 
remaining till the next occurence of a and is T if there is no such occurence. 
Hence some ETSS {w, r, I) defines a trajectory of clocks which is a function 
Ck = 7) : {H{S) U H(if)) x M>o — IR>o U {T} defined as: 

t—T{i) iff, denoting A= {/cG/ | w[k] = a and r{k) <t} we have 
A yf 0 and i = max A 
T otherwise 

T{i)—t iff, denoting B = {k£l \ w[k]=a and r(fc)>t} we have 
B and i = min B 
T otherwise 

A clock constraint is a boolean combination of atomic formulas of the type 
Xa < c, Xa < c, Xa = A, and ya < c, ya < c or ya = -L where c is some positive 
rational c G Q>o- The set of clock constraints over S is denoted Constr{E). 
For each initialized ETSS {{w,T,I),ti) the trajectory of clocks Ck defines at 
each time point t G IR>o an interpretation of the clock constraints. We use the 
notation (w, r, /, ti, t) |= C to encode that the interpretation Ck{-,t)^ maps the 
constraint C to true. 

For each clock K G H{E)U P{S) define the elementary clock constraints 
as all the formulas K = ±, c< K, c< K, c\ < K A K < C2, c\ < K A K < C2, 
c\< K A K <C2 or c\< K AK < C2, for some c, ci, C2 G Q>o- A simple con- 
straint is a formula f\a^s^C{Xa)AC{ya)) where C{xa) and C{ya) are elementary 
constraints. We denote SC{E) the set of simple constraints. 

It is clear that any clock constraint can be brought to a disjunction of simple 
clock constraints (a normal form without negation). E.g. ->{xa < 2 ) = (xa > 
2 ) V (xa = T). This property will be used in simplifying event-clock automata. 



Ck{xa,t) = 
Ck{ya,t) = 



^ Note that we do not use clocks Xe or y^. These clocks may be regarded as event-clock 
versions for the automata clocks in mm- 
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3 Event-Clock Automata and Regular Expressions 

In this his section we introduce event-clock automata with e-transitions and re- 
gular expressions which match these automata. The introduction of e-transitions 
in event-clock automata justifies the introduction of extended time state sequen- 
ces. 

Definition 4. An event-clock automaton (ECA for short) is a tuple A = 
(Q, E, S, qo, F) where Q is the set o/ states, Qo, F C Q are the sets o/initial resp. 
final states and 6 is the transition relation <5 C Q x (if U {e}) x Constr(E) x Q 
with |( 5 | < oo. 

A run of length n is a sequence of transitions Xi, C, gdlieH G 

ifU{e}) such that qo G Qo and qn & F. A zero-length run consists of some initial 
and final state. A partial run is a sequence of transitions like above but which 
may start or end in any location. 

We will give four types of languages to ECA. The first one is in terms of 
ETSS: an ETSS (w,t,I) with dom{T) = [n] is accepted by A iff there is a run 
(of the same length) ((gi_i, C, gi))iG[n] such that the word defined by the 
run is w and at the i — th action in the ETSS the respective constraint is true. 
Formally, for all i G [n] we have that w[t] = Xi and ^ C. We call 

some run admissible iff it is associated to some ETSS in the above sense. We 
denote Lf.{A) the set of ETSS accepted by A and call it the extended language 
of A. 

The second semantics comes via the map [•]: the abstract language of A, 
is the set of TSS which are the representatives of some ETSS accepted by A: 
La{A) = [Le(A)] = {[(w,T,/)] I (w,T,I) G Te(A)} 

The third semantics is in terms of LETSS: a LETSS {w,t, I A1A2) with 
dom{T) = [n] is accepted by A iff there is a run ((^i-i, ( 7 i))iG[m] such that 

m is the number of actions that occur within the interval [ti , ^2] and at the i-th 
action occuring in [ti,t2] constraint C) is satisfied. Formally, m = card{{i G [n] \ 
T{i) G [^1,^2]} and, denoting j = min{t G [m] \ t{i) G [^1,^2]} we have that 
{w,T,I,T{j -I- z — 1 )) \= Ci for all i G [n]. We denote Li{A) the set of LETSS 
accepted by A and call it the limited observation language. 

The last semantics, the language of abstract limited observation is 
Lal{A) = [[Ll{A)]] = {[[{w,T,I,tl,t2)]\ I {w,T,I A1A2) G Li{A)}. 

Note that La{A) yf Lai{A) in general, a counterexample being the ECA 
A = {{q,r},{a},{{q,a,true,r)},{q},{r}) for which Lai is the set of all TSS 
having at least one letter, while La{A) is a singleton. However 

Proposition 1. The class of sets of TSS which are the abstract language of 
some ECA equals the class of sets of TSS which are the language of abstract 
limited observation of some ECA. 

The proof of this is based on the following normal form of automata: 

Proposition 2. For each ECA A there exist an ECA B such that with Le{A) = 
Le{B) and such that all transitions in B have simple constraints (call this auto- 
maton simple ECA). 
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Proof. We rely on the decomposition of each constraint into a disjunction of 
simple constraints mentioned at the end of the previous section. We decompose 
first each constraint C on some transition into n simple constraints and then 
split that transition into n transitions with the same source and destination, 
each labeled with one of the simple constraints C is decomposed into. □ 

The proof of Proposition Q] can be done as follows: First observe that in a 
simple EGA an initial transition (i.e. starting in an initial state) which is labeled 
with a simple constraint C is in an admissible run iff C constrains all the history 
clocks to _L and similarily for final transitions (i.e. leading to some final state) and 
prophecy clocks. Note that this does not hold for runs associated to LETSS: e.g. 
the EGA ({g,r}, {a}, {{q,e,Xa = 2 ,r)}, {q}, {r}) has no admissible run but has 
some run associated to some LETSS (w,t,I,ui,U2) in which range{T)r\[ti,t2] = 
{r(j)}, = e and (w,T,I,T{i)) \= Xa = 2 . 

Hence, for the left-to-right passage transform the given EGA A (assumed 
simple) such that initial states have no incoming transitions and final states 
have no outgoing transitions (by the state-splitting technique). Then remove all 
initial transitions whose (simple) constraints do not check some history clock 
Xa to T; similarily remove all final transitions on which some prophecy clock 
ija is not constrained to T. Note that the resulting EGA has the property that 
it accepts a LETSS (w,t,I A1A2) iff the interval contains the domain of 

r. Finally, for all the remaining initial transitions remove from their constraints 
all conjuncts that refer to history clocks (which may be only AT = T), keeping 
the conjuncts that refer to prophecy clocks; similarily, for all the remaining final 
transitions remove from their constraints the conjuncts that refer to prophecy 
clocks. We get an EGA B with Lai{B) = La{A). 

What for the reverse, starting with some EGA A (not necessarily simple) 
transform it first such that initial states do not have incoming transitions and 
final states do not have outgoing transitions. Then, at all initial and final states, 
add loops labeled with all letters in S and constraint true. The abstract language 
of the resulting automaton will be equal to the language of abstract limited 
observation of A. □ 

Definition 5. An EGA is e-free iff there is no tuple in the transition relation 
labeled with the empty word. An e-free EGA is deterministic iff it has a single 
initial state and for each two distinct transitions having the same source and la- 
beled with the same symbol the conjunction of their constraints is a nonsatisfiable 
formula. 

An e-free EGA can be brought to a deterministic one by the algorithm in 
lALHlldl , which is an adaptation of the subset construction. As we have noted in 
the introduction this construction does not work for EGA that have e-transitions: 
this is similarily to the situation in finite automata theory. Bringing an EGA to 
an e-free one is the subject of EH]- 

Definition 6. The set eRE{E) of e-regular expressions over S is defined by 
the following grammar where a G E and C G Constr{E): 

E -.-^ \ {) \ {e,C) \ {a,C) \ E + E \ E;E \ E* 
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The rules without e give the set of regular expressions. 

We call atomic expressions of the type {x, C) with x G If U {e}. Also () is called 
the empty expression. 

We define two types of semantics of e-regular expressions, namely one in terms 
of LETSS (the concrete semantics) and another one in terms of TSS (the abstract 
semantics). The concrete semantics of an e-regular expression E is denoted \E\ 
and for atoms is: 

~ 101 containts all the LETSS (w, r, /, ti, < 2 ) such that the interval [^ 1 ,^ 2 ] does 
not contain any action (i.e. range^r) fl [ti,t 2 ] = 0). 

— |(e, C)| contains some LETSS (w, r, I, ti, ^ 2 ) iff there is a unique time point 

r(0 G [^ 1 ,^ 2 ] at which the inobservable action occurs, C holds there and no 
other action occurs in [ti,t 2 ] (i-e. range(r) n[ti,f 2 ] = {t(0}) (w,t, ^ 

C and = e). 

— |(a, C)| contains some LETSS (w, r, /, ti, ^ 2 ) iff there is a unique time point 
r(0 G [^ 1 ,^ 2 ] at which the observable action a occurs, C holds there and no 
other action occurs in the interval [ti,t 2 ] (i-e. range{r) fl [ti,t 2 ] = {'r(i)}, 
{w,T,I ^ C and w[z] = a). 

The semantics is then easily extended to e-regular expressions by structural 
induction: 

|Ei;E2| = |Ei|;|E2| |Ei + E 2 I = |Ei| U IE 2 I |0| = 0 
\E*\ = I I |E”| where = () and 

The abstract semantics, denoted ||E|| comes via the map [[•]] defined in the 
previous section: we put ||E|| = [[|E|]]. 

Hence there are two notions of equivalence of e-regular expressions: a concrete 
one and an abstract one. Clearly two e-regular expressions which are concrete 
equivalent are abstract equivalent too. The expressions (e, {xa = 2) A (j/a = 4)) 
and (e, {xa = 4) A {pa = 2)) show the reverse does not hold. 

Proposition 3. Each e-regular expression is concrete equivalent to an e-regular 
expression in which all constraints are simple. 

We conclude this section by pointing out that the semantics of chop on e- 
regular expressions cannot rely on concatenation of ETSS as defined above, hence 
ETSS cannot serve for defining some “natural” semantics of e-regular expression. 
The exact meaning of natural has to be studied further, but we rely on some 
properties concatenation should have based on our intuition that constraints 
on the Ihs of may refer to time points after the chopping point. One such 
property is that the semantics of (a, j/b = T);(&, C) should be the empty set 
regardless of the constraint C, but the semantics of (6, C) should be the empty 
set iff C would be some unsatisfiable constraint. Hence the operation that gives 
the semantics of chop should be able to capture the situation when applying it 
to nonempty sets gives the empty set, situation which is not captured by any 
operation which is defined at the level of elements (like on ETSS). 
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4 The Two Kleene Theorems 

Theorem 1 (Concrete Kleene theorem). The class of sets of LETSS which 
are the limited observation semantics of some ECA equals the class of LETSS 
which are the concrete semantics of some e-regular expression. 

Proof. For the right-to-left inclusion we proceed by structural induction. Note 
first that, for each atomic e-regular expression {x, C) (a: G if U {e}) the ECA 
■Ax,c = {{q,r},S,{{q,x,C,r)},{q},{r}) has Li{Ax,c) = \{x,C)\. Also for the 
empty expression () we may consider a single state ECA with no transition: 
({g}, E, 0, {g}, {g}). Then we adapt the usual constructions m for union, con- 
catenation and star: 

Fix two ECA Ai = {Qi,S,Si,Qo:Fi), i G [2] with disjoint sets of states 
(Qi n Q 2 = 0)- Then the ECA Au = (Qi U Q2, E, U 62, Ql U Qg, Fi U F2) has 
Li{Au) = Li{Ai) ULi{A2). 

What for chop, we note that drawing e-transitions from final states of .4i to 
initial states of A2 does not work here since LETSS accepted by the resulting au- 
tomaton would have an extra time point in r, corresponding to the e-transition. 
Hence we first transform both automata such that initial states do no have in- 
coming transitions and final states do not have outgoing transitions. Then build 
the automaton A: = (Q, E, S, Qo,F) where 

— Q consists of nonfinal states in Ai, noninitial states in A2 and pairs {q, r) G 
Fi X Ql; 

— Qo consists of the initial and nonfinal states of Ai and, for each initial and 
final state s in Ai, all pairs (s,r) with r initial in A2; 

— similarity, F consists of final and noninitial locations of A2 and, for each 
final and initial state s in A2, all pairs (r, s) with r final in Ai; 

— S consists of all transitions from i5i that do not involve some final state 
and all transitions from <52 not involving some initial state; moreover, each 
transition in Ai leading to some final state r gives rise to transitions leading 
to all pair states containing r and each transition in .A 2 starting in some 
initial state r gives rise to transitions starting in all pair states containing r. 
Formally: 

<5 = {(g, X, C, r) \ (g, x, C, r) G <5i and r ^ Fi}U 
{(g, X, C, r) I (g, x, C, r) G <5i and g ^ Qg}U 
{(g,x, C, (r, s)) I (q,x,C,r) G <5i,r G Fi and s G 
{((g,r),a;,C', s) | (r,x,C,s) e S2,r e Qo and g G Fi} 

The resulting automaton has Li{A-J = Li{Ai); Li{A2). 

The star construction is similar to the above, in the sense that each pair 
consisting of a final state and an initial one gives a new state. Hence we start, 
say, with Ai above, which is assumed to satisfy the requirement that initial 
states do not have incoming transitions and final states do not have outgoing 
transitions. Then construct At. = (Q*, E, <5,, Qj, F») where Qj is taken from Ai 
and 



Q, = (Qi\Fi)U(Fi xQi) 



F, = Fi X Qo 
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i5 = {(g, X, C, r) \ {q, x, C, r) S <5i and r ^ i^i}U 

{(g,x, C, (r, s)) I (q,x,C,r) G <5i,r G Fi and s G Qj}U 
{((g,r),a;,C', s) | (r,x,C,s) G 5i,r G Qg and q G i^i} 



The resulting automaton has = (Li(A))*. 

For the left-to-right inclusion, fix some EGA A = (Q, S, S, Qg, F) with Q = 
{gi, 92 , • • ■ , Qn} and denote Aij = {Q, S, S, {gj, {g^}). Build as in m the se- 
quence of e-regular expressions {Efj)i<ij^k<n whose concrete semantics equals 
the set of LETSS which have a run in Aij whose intermediate states (i.e. excep- 
ting qi and qj) have indices less than k: 



Note that the proof of this theorem may also run as follows: we can define 
symbolic semantics of e-regular expressions as words over the set of symbols 
n= ExConstr{S) that are the classical semantics of the e-regular expression, 
e.g. the symbolic semantics of {a,C)* consists of all the symbolic words with 
n concatenated symbols (a, C) . . . (a, C). These symbolic words are in fact star- 
free sum- free e-regular expressions. We can do the same for EGA by defining the 
symbolic language accepted by the EGA as the set of words over 17 which are the 
concatenation of the labels on some run, or, equivalently, the set of words over 
17 which are accepted by the EGA when it is regarded as a finite automaton over 
17. The classical Kleene theorem then says that the classes of symbolic semantics 
of e-regular expressions and of symbolic languages of EGA are equal. Note how 
the empty expression plays the role of the empty symbolic word. 

Then two more things are left to prove: the first is that the concrete semantics 
of e-regular expressions equals the union of the concrete semantics of all symbolic 
words in the symbolic semantics of the e-regular expression. The second is that 
the limited observation language of an EGA equals the union of the concrete 
semantics of all symbolic words in the symbolic language of the EGA. Both 
proofs are straightforward. 

Theorem 2 (Abstract Kleene theorem). The class of sets of TSS which are 
the abstract language of some ECA equals the class of sets of TSS which are the 
abstract semantics of some e-regular expression. 

This is a corollary of Theorem ^ and Proposition Q 

Note that similarity to all the above we may aprove that e-free EGA are 
equivalent to regular expressions. 





Then I ^ 




□ 



Qi^Qo Qj 
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5 Conclusions 

We have described here a class of regular expressions that have the same ex- 
pressive power as event-clock automata. The work can easily be extended to 
automata on infinite (extended) timed state sequences and w-regular expressi- 
ons as in the untimed case [tThoflnj or the timed automata case !ACMfl7j . Our 
result relies on a semantics of concatenation of regular expressions as a partial 
operation on a suitable defined class of timed state sequences. We think this hap- 
pens as event-clock automata are an interleaving model of distributed real-time 
systems. 

Recently Bouyer and Petit [BP99| have proved a Kleene theorem for timed 
automata that does not require renaming, as in |A0MH7| . The problem seems 
to come again from defining concatenation on real-time items. In this 

is solved by defining several concatenations constrained by the set of clocks to 
be reset at the “chopping” point. It would be interesting to see if our approach 
(i.e. keeping a unique, but partial, concatenation while changing the items to be 
concatenated) can be applied to timed automata too. 
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Abstract. New iteration lemmata are presented, generalizing most of 
the known iteration lemmata for regular, linear, context-free, and linear 
indexed languages. 



1 Introduction 

In a new iteration lemma for context-free languages was presented, genera- 
lizing the Bader Moura Lemma ( @ ). In this article is shown that it can be 
further generalized in the following directions : 

(1) strengthening the lower bound of the number of distinguished positions 
of a word z to be linear in the number of excluded positions of z instead of being 
exponential, 

(2) strengthening the upper bound of the number of distinguished positions 
of vwx in the same way. 

Most of the known iteration lemmata ( 0, 0, ra, [E! ) then follow from 
specializations, namely to have no excluded positions, or to distinguish all posi- 
tions. 

Such strong iteration lemmata are also shown for regular and linear context- 
free ( for short linear ) languages. Using a characterization of linear indexed 
languages ( |0| ), also a new strong iteration lemma for that class is shown. 

All notations not explicitly defined are standard, and may be found in m, 

EIS|- 

A linear indexed grammar is a 5-tuple G = (U, A, J, 5, P), where V, X, I are 
finite pairwise disjoint sets, the set of variables, terminals, and indices, respec- 
tively, S € V is the start variable, and P is a finite set of pairs (A/, a) , with 
A G V, /£/U{A}, oG X* U X*VI*X* , the set of productions. {Af, a) £ P is 
denoted by Af — >• a. 

Let a = uAfif 2 ■■■ fe.v with u,v G X* , A € V, fi G I U {A}, ,fe G I, 
£ > 1. If Afi -)> u' B f[ ■ ■ ■ f'^v' G P with u' ,v' G X* , B G V, /[,■■■, G I, 
m > 0, then we set a — >■ /3 with f3 = uu'Bf[ ■ ■ ■ /^/2 • • • fiv'v. Moreover, if 
Afi u' G P with u' G X* , then we set a — >■ /3 with (3 = uu' f 2 ■ ■ ■ fiV. 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 226-^^^ 1999. 

© Springer- Verlag Berlin Heidelberg 1999 
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The language generated by a linear indexed grammar G = (V, X, I, S, P) is 
the set L{G) = {w | w S X* and S^w}, where ^ denotes the reflexive and 
transitive closure of — >■ . A language L is called linear indexed if L = L(G) for 
some linear indexed grammar G. 

Let S{z) denote the number of distinguished positions in a word z, and e{z) 
the number of excluded positions in z. Note that an excluded position might also 
be a distinguished one. Furthermore, let cr(z) denote the number of selected, i.e. 
distinguished, but not excluded positions in z. Trivially, 5{z) < a(z) + e(z). 

The following theorems will be needed to prove the new iteration lemmata. 

Theorem 1. f Generalized Bader Moura Lemma, see Let L be 

a context-free language. Then there exists an integer n = n{L) > 2, depending 
only on the language L, such that for any z £ L with 6{z) > there exist 

u, V, w, X, y such that z = uvwxy with 

(1) e{vx) = 0 and 

either S{u) > 0, 6{v) > 0, 6{w) > 0 
or 6{w) > 0, 6{x) > 0, S{y) > 0, 

(2) S{vwx) < 

(3) yi>0 : uv’‘wx^y £ L. □ 

An immediate consequence, by choosing e(z) = 0 in Theorem 1 is 

Theorem 2. Let L be a context-free language. There is an integer n = n(L) > 2, 
depending only on the language L, such that for any z £ L with 5{z) > n there 
exist u, V, w, X, y such that z = uvwxy with 

(1) either 6{u) > 0, <5(u) > 0, S(w) > 0 
or 6{w) > 0, S(x) > 0, S(y) > 0. 

(2) 6{vwx) < n 

(3) yi>0 : uv'^wx^y £ L. □ 

Theorem 3. ( see m ) Lf L' C Y* is a linear indexed language, then there 
exist an alphabet X, a context-free language L C X* and two homomorphisms 
hi, ft -2 : X* — >■ Y* such that L' = {hi{w)h 2 {w)^ \ w £ L} holds where z^ denotes 
the mirror image of z. 

□ 

2 Results 

The first new theorem generalizes the well known iteration lemma for regular 
languages to distinguished and excluded positions. 

Theorem 4. Let L be a regular language. Then there is an integer n > 2, 
depending only on L, such that for any z £ L with 6{z) > n ■ max(e(z), 1) there 
exist u, V, w such that z = uvw with 
(1) e(v) = 0, S(u) > 0, (5(u) > 0 
(2J S{uv) < n ■ (e(w) + 1) 

(3)'ii>Q ■. uv^w S L. 
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Proof. Consider a type 3 grammar G = (V,Vr, S, P) in normal form, generating 
L = L{G). This means that all productions are of the forms A — >■ Ba or A ^ a 
with A G Vm = V — Vt and a G Vr- Then the derivation tree of any z G L has 
a comb-like structure, i.e. there is one main path with exactly one right child 
having a terminal label, except for the lowest node which also has a terminal 
label. The depth of this tree is exactly \z\. 

Define a branch point to be a node on the main path whose right child is an 
excluded position. 

Let a distinguished path be a subpath of the main path, where either the 
upper node is the root and the lower one a branch point, or the upper and lower 
ones are branch points, or the upper one is a branch point but not the root and 
the lower one the lowest ( a leaf ), and all intermediate nodes are no branch 
points. It is easy to see that there are at most e(z) + 1 distinguished paths. 

Define n = 2 |Vat| -I- 5. 

If e(z) = 0 then there are more than 2|Cjv| + 5 distinguished positions in 
z. Let p be the main path. Then it consists of subpaths Pi,P 2 ,P 3 generating 
> I, I Vat I -I- I, I distinguished positions, respectively. Therefore there are two 
nodes on p 2 with the same label A, with A^Av^Miv , 5{v) > 0, z = uvw, and 
Vz > 0 : uv^w G L. Since ps generates exactly 1 distinguished position it follows 
that 6{u) > 0. Furthermore, 6{uv) < |Vat| -I- 2 < n. 

Let e(z) > 0. It is impossible that all distinguished paths generate at most 
I Vat I + 2 selected positions, since in that case it follows that 
< (e(2) -l- 1 )(|Cat| -I- 2) -|- e(z) < (2|VAr| -I- 5) • e(z). 

Thus there is a distinguished path p generating more than | Vat | -I- 1 selected 
positions. These have at least |Vat| + 2 fathers on p. Divide again p into subpaths 
PiiP 2 ,P 3 generating > 1, |V/v| -I- 1, 1 selected positions, respectively. 

Then there are two such fathers on p 2 with the same label A, A^Av^uv, 
cr(v) > 0, z = uvw, and Vz > 0 : uv’‘w G L. Since pa generates exactly 1 selected 
position it follows that cr(zz) > 0, and trivially e{v) = 0. Choosing p to be the 
lowest of such paths implies 

S(uv') < (e(u') + 1) • (|Viv| -I- 2) -I- e(zz) < n ■ (e(u) + 1). 

□ 

The second new theorem states a similar result for linear languages, genera- 
lizing known iteration lemmata. 

Theorem 5. Let L he a linear language. Then there is an integer n >2, depen- 
ding only on L, such that for any z G L with S{z) > n ■ max{e{z), 1) there exist 
u, V, w, X, y such that z = uvwxy with 

(1) e(vx) = 0 and 

either 5{u) > 0, <5(z;) > 0, 6{w) > 0, 
or 6{w) > 0, 6{x) > 0, S{y) > 0 

(3) 5{uvxy) < n ■ {e{uy) 1) 

(3)Vi>0: uv^wx^'y G L. 

Proof. Consider a linear grammar G = (V, Vt, S, P) in normal form, generating 
L = L{G). This means that all productions are of the forms A -G- Ba, A -G- aB, 
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or A ^ a with A, B G Vn = V — Vt and a GVt- Then the derivation tree of 
any z G L has a main path where the left or right children of nodes on it have 
terminal labels, except for the lowest node which also has a terminal label. The 
depth of that tree is exactly \z\. 

Define a branch point to be a node on the main path whose left or right child 
is an excluded position. 

Let a distinguished path be a subpath of the main path, where either the 
upper node is the root and the lower one a branch point, or the upper and lower 
ones are branch points, or the upper one is a branch point but not the root and 
the lower one the lowest ( a leaf ), and all intermediate nodes are no branch 
points. Again, there are at most e{z) + 1 distinguished paths. 

Define n = 4 |Vat| + 7. 

If e{z) = 0 then there are more than 2 |Vat| + 5 distinguished positions in z. 
Let p be the main path. Then it consists of subpaths Pi,P 2 ,P 3 ,P 4 generating 
l;|AAr| + l,|VAr| + l,> 1 distinguished positions, respectively. 

Case I. P 2 P 3 contains two nodes with identical labels A, A^vAx^wx, 
6 {v) > 0, S{x) > 0. Since S{uy) > 0, S{w) > 0 it follows that either 6 {u) > 0, 
6 {v) > 0, S{w) > 0, or 6 {w) > 0, S{x) > 0, S{y) > 0, and Vi > 0 : uv^wx^'y G L. 

Case II. Let the paths pi generate ai { bi ) to the left ( right ), respectively. 
Note that P 4 always contributes 5(w) > 0 since 5(0464) > 0. 

Consider 6 subcases where L { R) denote that P 2 ,P 3 generate distinguished 
positions only on the left ( right ), respectively. 

RR : 5(oi6i) > 0, 6(02) = 0, 6(62) > 0, 6(03) = 0, 6(63) > 0, 63 = c^xds, 

S{x) > 0, and p 2 contributes 5{y) > 0. 

RLl : 5(oi) > 0, 5(6i) > 0, 6(02) = 0, 6(62) > 0, 6(03) > 0, 6(63) = 0, 

^3 = csvds, S(v) > 0, and pi contributes S(u) > 0. 

RL2 : 5(oi) > 0, 5(6i) > 0, 6(02) = 0, 6(62) > 0, 6(03) > 0, 6(63) = 0, 

62 = C 2 xd 2 , S{x) > 0, and pi contributes 6 {y) > 0. 

The other 3 subcases are symmetric, left and right, L and R, u and y, v and 
X, interchanged. 

Then 5{uvxy) < 2 \Vn\ + 3 < n. 

Let e{z) > 0. 

It is impossible that all distinguished paths generate at most 2|V/v|+3 selected 
positions, since in that case 

5(.z) < (c(2) + l)(2|VAf| + 3) + e(z) < (4|V;v| + 7) • e(z) = n ■ e(z). 

Thus there is a distinguished path p generating more than 2| V/v| + 3 selected 
positions . These have at least 2 1 \ +4 corresponding fathers on p. Divide again p 
into subpaths Pi,P 2 ,P 3 ,P 4 generating 1 , | Vn | + 1 , | Vn | + 1 , > 1 selected positions, 
respectively. 

Case I. P 2 P 3 contains two nodes with identical labels A, A^vAx^wx, 
a{v) > 0, a{x) > 0. Since a{uy) > 0, cr(w) > 0 it follows that either a{u) > 0, 
a{v) > 0, a{w) > 0, or a{w) > 0, a(x) > 0, a(y) > 0, and Vi > 0 : uv^wx^y G L. 

Case II. Let the paths Pi generate at { bi ) to the left ( right ), respectively. 
Note that P 4 always contributes 5(w) > 0 since 6(0464) > 0. 
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Consider 6 subcases where L { R) denote that P2,Ps generate selected posi- 
tions only on the left ( right ), respectively. 

RR : a{aibi) > 0 , <7(02) = 0 , a{b2) > 0 , (7(03) = 0 , (7(63) > 0 , 63 = c^xdz, 
(j{x) > 0, and p 2 contributes a{y) > 0. 

RLl : CT(ai) > 0 , cr(6i) > 0 , a{a2) = 0 , (7(62) > 0 , (7(03) > 0 , (j{b^) = 0 , 
d 3 = csvds, cr(v) > 0, and pi contributes cr(u) > 0. 

RL2 : a(ai) > 0 , cr(6i) > 0 , cr(a2) = 0 , (7(62) > 0 , a(as) > 0 , (7(63) = 0 , 

62 = C2xd2, o'(x) > 0, and pi contributes a{y) > 0. 

The other 3 subcases are symmetric, left and right, L and R, u and y, v and 
X, interchanged. 

Choosing p to be the highest of such paths implies 

5{uvxy) < {e{uy) + 1) • {2\Vn\ -I- 3) -I- e{uy) < {e{uy) + 1) • (2|Vat| - 1 - 4 ) 

< n- {e{uy) + 1). 

□ 



Theorem 6. Let L be a context-free language. Then there exists an integer 
n = n{L) > 2, depending only on the language L, such that for any z € L with 
S{z) > n ■ max{e{z), 1) there exist u, v, w, x, y such that z = uvwxy with 
(1) e{vx) = 0 and 

either S{u) > 0, 6{v) > 0, 6{w) > 0 
or S(w) > 0, S(x) > 0, S(y) > 0 
S(vwx) < n ■ (e{w) 1) 

(3 )yi> 0: uv^wx^'y G L. 

Proof. Let G be a context-free grammar in Chomsky normal form generating L, 
and consider a derivation tree for z. Define a node to be a branch point if it 
has 2 children and both of them have excluded descendants. Define a node to be 
free if both children have no excluded descendants. 

A ( partial ) path is called distinguished if 

a) none of its intermediate nodes ( i.e not initial and terminal ) is a branch point, 
or it has no intermediate nodes. 

b) the initial node is either a branch point or the root of the tree, and the 
terminal node is either a branch point or an excluded position. 

From this definitions follows that has exactly e{z) — 1 branch points, and 
that the number of distinguished paths is either 2 • e(z) — 2 if the root of is a 
branch point, or 2 • e{z) — 1 if the root is not a branch point. 

Now define n = 2n' • (2|VAr| -I- 3) -I- 1 where n' is the constant from Theorem 

2. 

If e(z) = 0 the statement is just Theorem 2. 

Let e{z) > 0. There are at most 2e(z) — 1 distinguished paths, and more than 
(n — 1) • e{z) selected positions. All these are generated by the free children of 
intermediate nodes on distinguished paths. It follows that at least one distinguis- 
hed path p has to generate more than i(n — 1) selected positions, since otherwise 
|(n — 1) • {‘2e{z) — 1) < (n — 1) • e{z). Distinguish two cases. 

Case I. There exists a free child of p being the root of a binary tree gene- 
rating more than n' selected positions. Then Theorem 2 can be applied yielding 
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u"vwxy' with e{vx) = 0 , either 5 {u") > 0 , 5 {v) > 0 , 5 {w) > 0 , or 5 {w) > 0 , 
< 5 (a;) > 0 , 5 {y') > 0 , 6{vwx) < n' < n ■ (e(w) + 1 ), and Vz > 0 : uv^'wx^y G L 
where u = u'u" , y = y'y" ■ 

Case II. Each free child of p generates at most n' selected positions. To 
generate more than | (n — 1) selected positions there have to exist more than 
2 - |Viv| + 3 free children of p, each generating at least one selected position, since 
otherwise at most n'-( 2 |VAr| + 3 ) = |(n— 1 ) selected positions are generated by p. 

Each of these free children has a father on p, and there are > 2- 1 Vat| + 4 such, 
p consists of subpaths Pi,P2,P3,P4, generating > l,|VAr + l|,|Eiv| + l,l selected 
positions, respectively. 

Thus both, P2,P3 contain |VAr| + 1 fathers of free children, each generating at 
least one selected position. Therefore on each, P2,P3 there exist two such fathers 
with identical labels A { B ), respectively. 

Let the paths pi generate Ui (bi) to the left ( right ), respectively. Note that 
P4 always contributes S{w) > 0 since <5(0464) > 0 . 

Case II. 1 . P2P3 contains 2 such fathers with identical labels A, and with 
A^Ax, a{v) > 0 , a{x) > 0 . Now, since <t(oi6i) > 0 , it follows that either 
5 {u) > 0 ,( 5 (v) > 0 ,< 5 (z(;) > 0 , or 6 {w) > 0 , S(x) > 0 ,b(y) > 0 . 

Case II. 2 . Consider 6 subcases where L { R) denote that P2,P3 generate 
selected positions only on the left ( right ), respectively. 

RR : <t(oi6i) > 0 , <7(02) = 0 , <7(62) > 0 , <7(03) = 0 , <7(63) > 0 , 63 = Csxd^, 
a(x) > 0, and p2 contributes a(y) > 0. 

RLl : ct(oi) > 0 , <7(61) > 0 , 0(02) = 0 , <7(62) > 0 , <7(03) > 0 , <7(63) = 0 , 

(I3 = csvds, cr(v) > 0, and pi contributes cr(u) > 0. 

RL 2 : ct(oi) > 0 , <7(61) > 0 , 0(02) = 0 , <7(62) > 0 , <7(03) > 0 , <7(63) = 0 , 

62 = C2xd2, o'(x) > 0, and pi contributes a{y) > 0. 

The other 3 subcases are symmetric, left and right, L and R, u and y, v and 
a;, interchanged. 

Choosing p to be nearest to a leaf, and on p the lower 2 • |VAr| + 4 such 
fathers, the children of which generate at least one selected, position, implies 
5 {vwx) < ( 2 e(ia) — 1 ) • |(n — 1 ) + e(w) < n ■ e{w) < n ■ {e{w) + 1 ). 

□ 



Theorem 7. Let L he a linear indexed language. There exists an integer n >2 
depending only on L such that, for any z € L with 6{z) > n ■ (e(z) + 1 ) there 
exist ui,vi,wi,x\,yi,U2,V2,W2, X2,y2 such that 
z = uiViWiXiyiy2X2W2V2U2 with 

(1) e{viXiV2X2) = 0 and 

either 6{uiU2) > 0,<5(uiW2) > 0,<5(wi'u;2) > 0> 
or S{wiW2) > 0, S{xiX2) > 0, 6(piP2) > 0 

(2) S{vjWjXj) < n ■ (e{wiW 2 ) + 1), j = 1, 2 

( 3 ) yi >0 : uiViWiXi^yiy2X2^W2V2^U2 G L 

Proof. Consider a linear indexed language L C Y* . By Theorem 3 , there exist 
an alphabet X, a context-free language L' C X* and also two homomorphisms 
6-1, 6-2 : X* — >• Y* such that L = {hi{w)h2{w)^ \ w G L'}. 
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Let a = 2 ■ max{\hi{x)\ \ i € {l,2},x G X} and n = an' where n' is the 
constant for L' from Theorem 6. Note that a > 0 since otherwise L = {A}, a 
trivial case. 

Consider a word z G L with 6{z) > n ■ (e{z) + 1). There is a word p G L' such 
that z = h\{p)h 2 {p) ■ Let \p\ be minimal, i.e. z = hi{p')h 2 {p') ,p' G L' implies 
IpI < \p'\. Let p = Si ••• St G X+, si, - • • ,st G X. 

Consider the words zi = h\{p) and Z 2 = h 2 {p)- Then e(z) = e(zi) + e(z 2 ). 
For i G {!,■■■ ,t} exclude the position of p = si • • • St if and only if one of 
the positions of hi(si)h 2 (si) is excluded. Then e(p) < e(zi) + e(z 2 ) = e(z). 

Furthermore, for z G {1, • • • , t} distinguish the z*^ position of p = Si • • • St 
if and only if one of the positions of hi(xi)h 2 (xi) is distinguished. This implies 
a ■ 5{p) > 6{z) > n ■ max{e{z), 1) = (an') • max{e{z), 1) > a ■ n' ■ max{e{p), 1), 
and this implies S(p) > n' ■ max{e{p), 1). 

Then Theorem 6 can be applied to L' and p G L' . Thus p = uvwxy with 
either S{u) > 0,i5(z;) > 0, 5('ic) > 0, or 5{w) > 0,J(a:) > 0,S{y) > 0, e(vx) = 0, 
5{vwx) < n ■ (e(w) + 1), Vz > 0 : uv'wx''y G L', and 

z = hi{u)hi{v)hi{w)hi{x)hi{y)h 2 {y)^h 2 {x)^h 2 {w)^h 2 {v)^h 2 {u)^. 

Assume hi{v)hi{x)h 2 {x)h 2 {v) = A. Now Vz > 0 : uv^wx'y G L', and in 
particular uwy G L'. Therefore z = hi{uwy)h 2 {uwy)^ . Since \vx\ > 0, this is a 
contradiction to the minimality of |p|. Thus \hi{v)hi(x)h 2 {x)h 2 {v)\ > 0. 

Set ui = hi{u), v\ = hi{v), wi = h\{w), x\ = hi{x), yi = hi{y), and 
2/2 = h 2 {y)^, X 2 = h 2 {x)^, W 2 = h 2 {w)^, V 2 = h 2 {v)^, U 2 = h 2 {u)^. Then 
|nia;ia: 2 U 2 | > 0. From e{vx) = 0 follows e(z;ia;ia; 2 W 2 ) = 0. 

From 5{u) > 0,(5(z;) > 0,(5(zc) > 0 follows that 5{u\U2) > 0, 5{v\V2) > 0, 
5{wiW2) > 0, and from i5(z<;) > 0,(5(x) > 0,(5(p) > 0 follows that 5{wiW2) > 0, 
S{xiX2) > 0 , S{yiy2) > 0 . 

Theorem 6 gives 6{vwx) < (n') • (e(zu) + 1). Since e{w) < e{wiW 2 ) it follows 
that 

5{vjWjXj) < a ■ 5{vwx) < a ■ (n') ■ (e(w) + 1) < (an') ■ (e(w) + 1) 

< n ■ (e(w) + 1) < n • (e(z«iz<; 2 ) + 1) 

for j = 1,2. □ 
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Abstract. The exponential output size problem for top-down tree tran- 
sducers asks whether the size of output trees grows exponentially in the 
size of input trees. In this paper the complexity of this problem is stu- 
died. It is shown to be NL-complete for total top-down tree transducers, 
but DEXPTIME-complete in general. 



1 Introduction 

Top-down tree transducers have been introduced in the late sixties by Rounds 
and Thatcher pioii7fllTha,70ITha,7,3) as a generalisation of finite-state transdu- 
cers on strings. The main motivation was to provide a simple formal model of 
syntax-directed transformational grammars in mathematical linguistics and of 
syntax-directed translation in compiler construction (for the latter, see the re- 
cent book by Fiilop and Vogler |FV98| V Since these times it has turned out 
that top-down tree transducers are a useful tool for many other areas, too, and 
their properties and extensions have been studied by a variety of authors. For 
references see, e.g.. 

As mentioned above, top-down tree transducers are a generalisation of finite- 
state string transducers (also called generalised sequential machines) to treefl 
Like these, top-down tree transducers are one-way machines which process their 
input in one direction, using a finite number of states. However, while string 
transducers usually process their input from left to right, top-down tree trans- 
ducers transform input trees to output trees from the root towards the leaves 
(which, of course, is the reason for calling them top-down tree transducers). 
Roughly speaking, the string case is the special case where the input and output 
trees are monadic trees (which can be viewed as “vertical strings” ) . 

* Partially supported by the EC TMR Network GETGRATS (General Theory of 
Graph Transformation Systems) and the ESPRIT Working Group APPLIGRAPH 
through the University of Bremen. 

^ In this context, a tree is a labelled, ordered tree whose labels are taken from a ranked 
alphabet (or signature), i.e., a term. 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 234-^4^ 1999. 

(c) Springer- Verlag Berlin Heidelberg 1999 



Exponential Output Size of Top-Down Tree Transducers 235 



Although the generalisation is quite a direct one, the fact that trees instead 
of strings are considered makes a rather crucial difference in certain respects. 
This concerns, for example, closure properties which are known from the string 
case but do not carry over to the case of top-down tree transducers. For instance, 
an infinite hierarchy is obtained by considering compositions of top-down tree 
transducers (see |Fng82| ). Another important difference is that, intuitively, the 
computations of top-down tree transducers are usually ramifying: when the top- 
most node of an input tree has been processed, the computation proceeds on 
all subtrees in parallel. In fact, there can even be some non-linearity in the 
sense that subtrees are copied and the copies are processed individually. One 
of the most distinct consequences of this fact is that, in contrast to the string 
case, the size of the output trees of a top-down tree transducer is not necessa- 
rily linear in the size of its input trees. As an example, consider the two rules 
7[(;[a;]] — >■ /[7[a::], 7[a:]] and 7(0] — >■ a (which should be considered as term rewrite 
rules in the usual way). Here, 7 is a state and f,g,a are symbols of rank 2, 1, 
and 0, respectively. Without going into the details it should be clear that these 
rules transform the monadic tree g[- ■ ■ g[a] ■ ■ ■] of height n into a complete binary 
tree of the same height. Thus, the output size is exponential in the size of input 
trees. It follows directly from the definition of top-down tree transducers that 
an exponential size of output trees is the maximum growth they can achieve. 
However, it is as well possible to build a top-down tree transducer whose output 
size is given by a polynomial of degree k, for any given A: S N. As a simple 
example, consider the rules 

t[5N] -J>/[7N,7'N], ^ [g[x]] ^ g[y' [x]] , -i'[a]^a. 

Taking 7 to be the initial state, an input tree g[- ■ ■ g[a] • • • ] of size n-|- I is turned 
into the output tree /[• • • f[f[a, ti], ^2], • ■ • tn], where each ti is a tree g[- ■ ■ g[a] ■ ■ ■] 
of size i. In other words, the size of output trees is quadratic in the size of input 
trees. It is known from |AU71| and will turn out as a corollary in Section 0 that 
the output size of a top-down tree transducer is either bounded by a polynomial, 
or is exponential. 

In this paper the complexity of the corresponding decision problem is studied: 
given top-down tree transducer td, is its output size ostd{n) exponential in the 
size n of input trees? It turns out that this problem is efficiently solvable (namely 
NL-complete) for total top-down tree transducers, but is very hard (namely 
DEXPTIME-complete) in general. The NL- respectively DEXPTIME-hardness 
of the two variants is relatively easy to establish, but it is less obvious that these 
resources are indeed sufficient. In fact, a decision algorithm for the exponential 
output size problem is implicit in the results of ^IJ71| (using somewhat different 
notions), but complexity issues are not addressed in that paper. 

Although the corresponding problem for bottom-up tree transducers will not 
be considered in this paper, it should be remarked that the same results can 
be proved for this case as well. The proofs are similar to some of the proofs 
given here, but are rather straight forward (and thus less interesting) because 
the computations of bottom-up tree transducers have a considerably simpler 
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structure. In particular, the combinatorial results on trees developed in Section^ 
are not required. 

The paper is structured as follows. In the next section the basic notions 
and in Section |3 top-down tree transducers are recalled, and it is shown that the 
exponential output size problem can be reduced to the case of total deterministic 
string-to-tree transducers. In Section 0 a result is shown which will be used by 
the decision algorithms developed in Section 0 where the main result of this 
paper is presented. Finally, in Section El a short conclusion is given. Due to lack 
of space, a number of details in the proofs must be skipped. The complete proofs 
will be given in the full version of the paper. 



2 Preliminaries 

The sets of all natural numbers, including and excluding 0, are denoted by N 
and N+, respectively. For every n G N, [n] denotes the set {1, . . . , n}. The set of 
all finite sequence over a set A is denoted by A* . The empty sequence is denoted 
by A; the length of a sequence s is denoted by |s|. Concatenation of sequences is 
denoted by juxtaposition. 

Like the length of a sequence, the cardinality of a set A is denoted by |A|. 
The canonical extensions of a function f : A ^ B to the power set of A and to 
A* are denoted by /, too. Hence, f{A') = {/(a) | a G A'} for all A' C A, and 
/(oi • • • a„) = /(oi) • • • /(a„) for all oi, . . . , a„ G H. The reflexive and transitive 
closure of a binary relation r C A x B is denoted by r*. The domain of r, i.e., 
the set {a G A\{a,b) G r for some b G B}, is denoted by dom{r). 

A (finite, ordered) unlabelled tree is a finite prefix-closed subset T of The 
elements of T are called its nodes. The rank of a node u in T is the number of 
distinct natural numbers i such that vi G T. The rank of T is the maximum rank 
of its nodes. A leaf is a node of rank 0. A node u is a descendant of a node v ii v 
is a proper prefix of u. Conversely, u is a predecessor of v if it is a proper prefix 
of V. The subtree ofT rooted at v is the tree {v' \ vv' G T}. A direct subtree ofT 
is a subtree of T rooted at v for some u G T fl N. The size of T is |T|, its height 
is ht{T) = max{|u| | u G T} — 1, and its width, denoted by wd(T), is the number 
of leaves in T. 

A labelled tree is a mapping t: T ^ L, where T is an unlabelled tree and 
L is a set of labels. The underlying unlabelled tree T is also denoted by N{t) 
in this case. All notions and notations introduced for unlabelled trees above 
carry over to labelled trees in the obvious way. In the following, the attributes 
‘labelled’ and ‘unlabelled’ will mostly be dropped when speaking about trees. 
As a general rule, unlabelled trees will be denoted by capital letters (usually T) 
whereas labelled trees will be denoted by lowercase letters (usually s and t) . 

For trees ti, . . . ,tk and a label /, f[t\, . . . ,tk] denotes the tree t such that 
N{t) = {AjuUeW {iv\v G N{ti)}, where t{\) = f and t{iv) = ti{v) for all 
i G [k] and v G N{ti). The tree /[] is usually denoted by / (which actually 
means that a single-node tree is identified with the label of that node) . 
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A signature is a pair (A, ranks) consisting of a finite set E and a mapping 
ranks : A — >■ N which assigns to every f G E its rank. For notational conveni- 
ence, in the following we shall write E instead of {E, ranks). If E is clear from 
the context, writing for f G E is & shorthand for stating at the same time 
that ranksif) = k. A signature E is monadic if E = E' LI for some sig- 

nature E' all of whose symbols are of rank 1. For an arbitrary set S with e ^ S, 
mon{S) denotes the monadic signature | / G U A tree is called 

monadic if it has the form /i[- ■ • /n[e] ■ ■ • ] for some /i, . . . , /„. (Notice that such 
a monadic tree could be identified with the string fi ■ ■ ■ fn-) 

For a signature E and a set S of trees, E{S) denotes the set of all trees 
f[ti, . . . ,tk] such that f^^'> G E and ti,. . . ,tk G S. Furthermore, Tj;(S') denotes 
the set of trees over E with subtrees in S. It is the smallest set of trees such that 
^ C Ti; and, for all G E and ti, . . . G Ti;(S'), /[ti, . . . ,tfe] G Ti;(5'). The 
notation Ti; is used as an abbreviation for Ti;(0). 

For the rest of this paper, let X = {x\,X 2 , . . . } be an indexed set of pairwise 
distinct variables. Variables are always viewed as symbols of rank 0. For every 
n G N, Xn denotes {xi, . . . ,x„}. The set of variables is assumed to be disjoint 
with all signatures under consideration. The variable Xi is also denoted by x. 

If t and ti, . . . , are trees, then t|ti, . . . , t„]] denotes the substitution of U for 
Xi in t {i G [n]). More precisely, if t = x^ for some i G [n] then tfti, . . . ,t„]] = ti 
and if t = f[si,...,Sk] with / ^ {xi, . . . , x„} then 

tlh, . . . , t„] = f[si |ti, . . . , t„] , . . . , Sfe |ti, . . . , tnj\ . 

A rewrite rule is a pair p = (I, r) of trees, called the left- and right-hand side, 
respectively, such that I contains every variable at most once and every variable 
in r occurs in I, toofl Consider some n G N such that A„ contains all variables 
that occur in 1. Then, p determines the binary relation — >-p on trees such that 
s^pt if s can be written as sopjsi, . . . , s„]]]] for a tree sq which contains xi 
exactly once, and t equals So|r|si, . . . , Snll- If i? is a set of rewrite rules, — 
denotes the union of all — >-p with p G R. 

3 Top-Down Tree Transducers 

Top-down tree transducers transform input trees into output trees in a top-down 
manner, using a restricted type of term rewrite rules. 

Definition 1 (top-down tree transducer). A top-down tree transducer is a 
tuple td = (A, A', T, i?, 7 o) such that 

— A and E' are signatures, called the input signature and the output signature, 

— r is a signature of states of rank 1 each, such that F is disjoint with AUA', 

— i? C r{E{X)) X T^/(A(A)) is a finite set of rewrite rules, and 

— 7 o G A is the initial state. 

^ Notice that rewrite rules are always assumed to be “left-linear”. 
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The top-down tree transduction computed by td, which is also denoted by 
td, is the set of all pairs (s,t) G Ti; x T^;' such that 7o [s] — where -^td 
denotes the rewrite relation — 

In the following, for every top-down tree transducer {S, S' , T, R^^q) and 
every state j G T the top-down tree transducer (S,S',r,R,j) is denoted by 
tdj. As a convention, it is assumed that the variables in the left-hand side of a 
rule, read from left to right, are always xi, . . . ,Xk for some fc G N. Thus, every 
rule of a top-down tree transducer td = {S, S' , T, R, 70) has the form 

7 [/[a;i, . . . , Xk]] -)> tl 7 i , 7 n[a;i„]l, 

where 7,7i,...,7„ G R, G S, and t G Ti;/(X„) for some A:, n G N. By 
convention, denoting a rule in this way means that t contains every variable in 
exactly once. This convention carries over to the denotation of derivation steps: 
in 7 [/[Ai, ■ ■ • , tk]] ~^td , 7n[Ai„]l every 7^- [ti.] is assumed to correspond 

to one particular occurrence of this subtree in t[[7i[tij, . . . ,7n[ti„]l (but notice 
that we may have 7j[tij] = for some distinct j,j' G [n], of course). 

A rule of a top-down tree transducer is called a "ff-rule if it has the form 
'y[f[xi , . . . , Xk]] — >■ t. Thus, a 7/-rule is a rule that processes the input symbol / in 
state 7. A top-down tree transducer td = (A, S' , T, R, 70) is total {deterministic) 
if it contains at least one (at most one) 7/-rule for every 7 G T and f G S. 
Clearly, if td is total then td{t) 7^ 0 for alH G Tu, and if it is deterministic then 
it computes a partial function. 

The output size of a top-down tree transducer td is given by ostd{n) = 
max{|t| I (s, f) G td and |s| < n} for all n G N+ 0 Notice that ostd is a monotonic 
function. If there are c G K and no G N such that c > 1 and ostd{n) > c" for 
all n > Uq, then ostd is exponential. The exponential output size problem is the 
problem to determine (on input td) whether ostd is exponential. 

A (top-down) string-to-tree transducer is a top-down tree transducer st = 
{S, S' , r, R, 7o) whose input signature S is monadic. For a derivation 7(5] — >■*( t 
with 7 G T, s G T^', and t G T s' at corresponding computation tree, which 
is a tree with labels in T, is defined as follows. If the derivation has the form 
7[e] — t then its computation tree is the tree 7. Otherwise, the derivation must 
have the form 7[/[s']] Aol7i[s']> • ■ • .7fe[s']l toPi, ■ ■ ■ , 41 - In this case, its 
computation tree is 7[t(, . . . , tj.], where is the computation tree of the i-th sub- 
derivation 7i ti, for i G [A]. The set of all computation trees of derivations 

of st is denoted by st-ct. 

In the case of string-to-tree transducers, instead of considering the size of 
output trees one may as well determine whether the number of leaves grows 
exponentially. This fact should be rather obvious, so the proof is skipped. 

Lemma 2 . The output size of a string-to-tree transducer st is exponential if and 
only if there is some c G M, c > 1 , such that st-ct contains an infinite number 
of trees t satisfying wd{t) > . 



® As usual, max0 is defined to be 0. 
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The next two lemmas are quite useful as they allow to restrict one’s attention 
to the case of total deterministic string-to-tree transducers, which are consider- 
ably easier to deal with than general top-down tree transducers. First, every 
top-down tree transducer can be transformed into a deterministic one without 
affecting the output size too much. 

Lemma 3. For every top-down tree transducer td one can construct a determi- 
nistic top-down tree transducer td' such that ostd' is exponential if and only if 
ostd is exponential. The construction preserves totality and can be carried out 
on logarithmic space. 

The construction of td' mainly adds new unary symbols (7, i) to the input 
signature and uses states of the form 7*, where 7 is a state of td and i G [m], 
m being the maximum number of rules with the same left-hand side in td. If 
a symbol (7,j) or an input symbol / of td is encountered in state 7* then td' 
switches to 7-^ or applies the ith 7/-rule of td, respectively. In this way the 
nondeterminism of td is shifted into the input signature. 

Lemma 4. For every top-down tree transducer td a total string-to-tree trans- 
ducer st can be constructed, such that osst is exponential if and only if ostd is 
exponential. The construction can be carried out on logarithmic space if td is 
total, and in exponential time otherwise. 

Proof. Let td = {S, S' , F, R,jo). By Lemma 0 it may be assumed that td is 
deterministic. Let p be the maximum rank of symbols in S, which is, without 
loss of generality, assumed to be at least 1. Intuitively, st is constructed in 
such a way that it reads the paths in the input trees of td and produces the 
corresponding part of the output tree. 

Consider the total case first. Let q be the maximum number of occurrences 
of a variable Xi in a right-hand side of a rule in R. Then st = {A, A' , F, R' ,jq), 
where A = mon{{fi \ f G E,i G [p]}). A' = {h^^ | n = 0 , . . . , g}, and R' is con- 
structed as follows. For every rule ^[f[xi, . . . ,Xk]]^t in R and every i G [p], 
if . . . ,"tn[xi] are the subtrees of t which are elements of T({xi})@ then 

R' contains the rule 7[/i[a:]] — >• hn["fi[x \, . . . , 7n[a;]]. Furthermore, for the sake of 
totality the (useless) rule 7[e] — >■ h^ is added to R' , for every 'y G F. 

Clearly, totality is preserved by this construction, which can obviously be 
carried out on logarithmic space. Furthermore, by the definition of top-down tree 
transducers the rank of nodes in the input and output trees of td is bounded by a 
constant, and there is some p gN such that (s, s') G td implies ht{s') < p-ht(s). 
These facts can be used to show that oSst is indeed exponential if and only if 
ostd is exponential, which yields the result for the total case. 

Now, let us drop the assumption of totality. In this case it must be ensu- 
red that st does not produce a large output tree by processing some path in 

More precisely, if vi,...,Vn are the (pairwise distinct) nodes in JV(t) such that 
t(vil) = ■■• = t(v„l) = Xi then 71 [si], . . . , 7„[a;i] are the subtrees of t rooted at 
v\, . . . ,Vn, respectively. Thus, a tree 'y'[xi\ occurs in this list as many times as in t. 
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an input tree of td on which td would not yield any result. To see what this 
means, imagine a derivation of td on input s and consider the set {71, . . . ,7m} 
of states in which copies of a particular subtree s' of s are processed. Clearly, 
the derivation can produce an output tree only if s' lies in the intersection of the 
domains of td^^ , ■ ■ ■ , td^^ . Therefore, st cannot simply use nondeterminism in 
order to process an arbitrary path of a tree in Tj; because this could mean that 
it disregards such “dead ends” appearing elsewhere in the derivation of td. In st 
this problem will be solved by “cutting off” a derivation as soon as a configura- 
tion is reached for which there is no appropriate completion of the input path 
to an input tree of td. However, in order to implement this, one has to make use 
of more sophisticated states which keep track of the set of states of td in which 
it processes copies of a subtree of the input. 

Let st = {A, A' , r' ,R " where Z\ and A' are as above, F' is the set of 
all states of the form (71, {71, . . . , 7m|) with 71, ... , 7m G F, the initial state 7 q 
is (70) {70})? and R" is constructed as follows. Let (71, {71, . . ■ , 7m|) G F' and 
f G S. There are two cases which lead to different rules in R" . 

1 . For every j G [m] there is a 7j/-rule 7^ [/[xi, . . . , Xfc]] — >■ in R, and, for 

every i G [p], if Fi is the set of all states 7 G T such that the subtree 
occurs in one of H, . . . , tm, then dom(tdj) yf 0 . In this case, for every 

i G [p], R" contains the rule 

(71, {71, • ■ • , 7 ml)[/iN] K[{ii,ri)[x ], . . . , (7^, Fi)[x]], 

where 7}[xj], . . . ,7^[xi] are the subtrees of H which are elements of T({xi}). 

2 . Otherwise, the rule (71, {71, . . . ,"fm})[fi[x]] — >■ ho is in R" for every i G [p]. 

As before, we also add to R" all rules of the form (71, {71, . . . , 7m})[e] — >■ ^o- 
By construction, st is total. Again, it can be shown that oSst is exponential if 
and only if ostd is. Therefore, it remains to argue that st can be constructed in 
exponential time. For this, it must be shown that it can be decided in exponential 
time whether S = ri7ero dom{tdj) is empty, for Iq C F. However, it is well- 
known that S' is a regular tree language which can be recognised by a tree 
automaton whose set of states is the power set of F. This tree automaton can 
be constructed easily in exponential time. Furthermore, the emptiness problem 
for regular tree languages can be decided in polynomial time in the size of a tree 
automaton defining the language (this is the emptiness problem for context-free 
string languages “in disguise”). Thus, altogether, the emptiness of S can be 
decided in exponential time, which completes the proof. □ 



4 The Branching Index of Outpnt Trees 

In this section it will be shown that, intuitively, trees of exponential width must 
necessarily contain trees with many ramifications on every path. In order to 
formalise this, the branching depth and the branching index of trees are defined. 
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Definition 5 (branching depth and branching index). Let T be a tree. 
The branching depth of T is the smallest natural number b such that there is a 
leafy G T which has exactly b distinct predecessors of rank > 2. The branching 
index of T is the maximum branching depth of all trees T' C T. 

The lemma below states that the width of trees is polynomially bounded in 
their height if an upper bound is placed on their branching index. 

Lemma 6. Let S be a set of trees of bounded rank, such that there is a bound 
6 G N on the branching index of trees in S. Then, there is a polynomial pb of 
degree b such that wd(T) < pb{ht{T)) for all trees T. 

Proof. Let r G N be a bound on the rank of trees in S and proceed by induction 
on b. A tree T of branching index 0 can at most have the rank 1, which implies 
wd{T) = 1 = ht{T)^ . Now consider some 6 > 0 and let T be a tree of branching 
index < b having k < r direct subtrees T\, . . . ,T^. If the branching index of 
one of Ti, . . . ,Tfe is greater than b or there are distinct i,j G [k] such that the 
branching index of both Ti and Tj is b, then it follows that the branching index of 
T is at least 6-1-1. Therefore, at most one of the direct subtrees (Ti, say) has the 
branching index 6 and none of them has a larger branching index. According to 
the induction hypothesis, T 2 , . . . ,Tk satisfy wd{Ti) < pb-i{ht{T) — 1). Therefore, 
wd{T) < wd{Ti) -I- (r — 1) ■ pb-i{ht{T) — 1). Repeating the argument for Ti until 
a tree of height 0 (and, therefore, of width 1) is reached, yields 

wd{T)<i+j:':if^-\r-i)-pb.A^) 

< (r - 1) • ht{T) ■ pb-i{ht{T)) + 1, 

which is a polynomial in ht{T) of degree 6 as pb-i is one of degree 6—1. □ 

Corollary 7. Let S be an infinite set of trees of bounded rank and let c G M, 
c > 1. // wd{T) > Jqj. dll T G S, then there is no upper bound on the 

branching index of trees in S. 

It will now be proved that every set of labelled trees (with finitely many 
labels) of unbounded branching index contains a tree t such that there is a node 
V having two distinct descendants at the same height which carry the same label 
as V. Later on, this will be used in order to create a kind of pumping situation 
which characterises string-to-tree transducers having an exponential output size. 

Lemma 8. Let S be a set of trees with labels in a finite set L. Lf the branching 
index of trees in S is unbounded, then there exists a tree t G S which contains 
two distinct nodes vqv and vqv' such that |u| = |u'| and t{vov) = t{vo) = t{vov'). 

Proof. Consider some tree t G S whose branching index L is at least 
some n G N, and let T C A (t) be a tree of branching depth I. Assume without 
loss of generality that the rank of T is at most 2. It is shown below that, if T 
does not contain two distinct nodes VqV and Vqv' as required, then the set t{T) 
of labels must exceed n (which proves the lemma by taking n = |L|). 
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For every node w G T let t{w) denote the set of labels of w and its pre- 
decessors, i.e., t{w) = I w = w'w" for some w” S Then the proof is 

finished as soon as it is shown that, for every m < n, there is a node w G T ha- 
ving at most * predecessors of rank 2, such that \t{w)\ > m. This is proved 

by induction on m. For m = 0 the assertion certainly holds, taking w = X. For 
m > 0 consider some vq G T having at most predecessors of rank 2, such 

that |t(uo)| > m. By assumption, there should not exist two distinct descendants 
vqv and vqv' of v such that |u| = |v'| and t{vov),t{vov') G t(vo). Now, choose 
some vgv G T such that (a) there are m predecessors vqVi of vqv in T whose rank 
is 2 and (b) the length of VqV is minimal (subject to requirement (a)). Notice 
that such a node vqv exists because there are at most * predecessors of vq 

whose rank is 2, whereas every leaf of T has at least predecessors of rank 

2, due to the branching depth of T. For the same reason, (b) implies that there is 
no leaf vqv' S T such that |u'| < |u|. Therefore, the set N = {vqv' G T | |u'| = |u|} 
satisfies |fV| > m (using (a)). Furthermore, again using (b), every node vqv' G N 
has at most + ~ predecessors of rank 2. However, as pointed out 

above, there cannot be two distinct descendants vqv' and vqv'' of vq such that 
t{vov') = t{vov") G t{vo). Therefore, there is at least one node vqv' G N such 
that t{vov') ^ i{vo), which means that |t(uou') | > i{vo) -I- 1 = m, as asserted. □ 

The decision algorithm developed in the next section is based on the follo- 
wing theorem which characterises the class of total deterministic string-to-tree 
transducers with an exponential output size. In fact, the theorem could also be 
formulated for top-down tree transducers in general, but this would be techni- 
cally more difficult. 

Theorem 9. The output size of a total deterministic string-to-tree transducer 
st is exponential if and only if there is some tree t G st-ct and there are distinct 
nodes vov,vqv' G N ft) with |r)| = such that t{vov) = t(vo) = t{vov'). 

Proof. Let st = {E, S' , P, R, 70 ). We shall consider both directions of the stated 
equivalence separately. 

By Lemma 0, Corollary 0 and Lemma 0 there is some t G st-ct 
containing nodes vqv and vqv' such that |u| = |u'| and tfuov) = t(vo) = t(vov'), 
as required. 

Consider some derivation 70 [s] ->-*t s' whose computation tree t con- 
tains nodes vqv and vqv' of the type required. Then, s can be decomposed 
as s = so[[si[[s 2 ]l], where ht{so) = |uo| and ht{si) = |u|. Now, define = 
X and = sj|si] for all i G N. Due to the assumption saying that st 

is total, it follows by a straightforward induction that there is a derivation 
7 o['SoI'SiI'S 2 ll] — for every f G N (where s'* G T^;/) whose computation 
tree P satisfies wdfP) > 2L By Lemma |2 this means that the output size of st 
is exponential. □ 

As a by-product of the results in this section we get the following corollary 
(already known from pTuTTl L which holds because the only-if direction of the 
proof of Theorem^ could as well be proved using LemmaEI instead of the weaker 
Corollary 0 
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Corollary 10. For every top-down tree transducer td, either ostd G 0{n^) for 
some fc G N, or ostd is exponential. 

5 The Main Result 

In this section the main result of the paper is proved: The exponential output size 
problem is NL-complete for total top-down tree transducers and DEXPTIME- 
complete in the general case. In order to prove that corresponding decision algo- 
rithms exist, it is shown that the problem can be reduced to a problem on graphs 
which is related to the well-known problem REACHABILITY (see Pap94| ). 

In the following, a graph is a tuple G = {V, if , cr, r, lah) consisting of a finite 
set V of nodes, a finite set E of edges, functions a: E ^ V and t\ E ^ V 
assigning to every edge its source and target node, respectively, and a labelling 
function lab: E ^ L assigning to every edge e G E a label lab{e) G L, where L 
is some set of labels. (Notice that these graphs are multigraphs, i.e., there may 
be parallel edges carrying the same label.) For v,v' G V a vv' -path of length n 
in G is a sequence ei • • • e„ of edges such that cr(ei) = v, T(ei) = cr(ei+i) for all 
i G [n — 1], and r(e„) = v' . 

The following lemma is easy to prove by “guessing” appropriate paths. 

Lemma 11. Given a graph G = {V, E, a,r, lab) and nodes u,u' GV, a nonde- 
terministic Turing machine can determine on logarithmic space whether there is 
a uu' -path po and there are distinct u' u' -paths p andp' such that lab(p) = lab{p'). 

It can now be shown that it is possible to determine nondeterministically on 
logarithmic space whether the output size of a total deterministic string-to-tree 
transducer is exponential. 

Lemma 12. The exponential output size problem for total deterministic string- 
to-tree transducers is in NL. 

Proof. By Theorem E it suffices to prove the following claim. 

Claim. For a total deterministic string-to-tree transducer st = (E, E' , T, R,^q) 
it can be decided by a nondeterministic Turing machine on logarithmic space 
whether there is a tree t G st-ct and there are distinct nodes Vqv,Vov' G N{t) 
with |u| = |u'| such that t{vov) = t{vo) = t{vov'). 

In order to see how this can be done, define a graph G = {T,E,a,T,lab), as 
follows. For every state 7 G T, if i? contains a rule 7[/[a;]] -^t then E contains 
an edge e„ for every v G N{t) with t{v) G T, where (r(e„) = 7, T(e„) = t{v), and 
lab{ey) = f. 

It should be clear that there is a tree t G st-ct containing nodes vqv,vov' 
as stated in the claim if and only if there is some j G T (namely t(vo)) such 
that there is a 707-path and there are distinct 77-paths p,p' in G with lab{p) = 
lab(p'). By Ijemma. nTI this can be decided by a nondeterministic Turing machine 
on logarithmic space. □ 
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Theorem 13. The exponential output size problem is NL-complete for total top- 
down tree transducers and DEXPTIME-complete in general. 

Proof. By Lemma 0 Lemma 0 and Lemma d the problem is in NL for total 
top-down tree transducers (since logarithmic space reductions are closed under 
composition) and in DEXPTIME in general. It remains to prove NL-hardness 
and DEXPTIME-hardness, respectively. 

In order to establish this for the total case, it is shown that the NL-complete 
problem REACHABILITY (given a graph G and two nodes v,v' , is there a vv'- 
path in G?) can be reduced to the exponential output size problem for total 
top-down tree transducers. If V is the set of nodes of the input graph G, let 
St = (X,X',r,i?,7,) with X = mon(V), E' = {/(2),e(°)}, E = {y„ | ^ S P}, 
where R is defined as follows. 

(1) For all V, v' gV, R contains the rule 7u[u'[a:]] — >• 7„/ [a;] if there is an edge from 
u to u' in G. If there is no such edge then R contains the rule 7„[w'[a;]] — >■ e. 

(2) For all nodes u gV, R contains the rule 7,j[e] — >■ e. 

(3) In addition, R contains the rule 7«'[r>[a:]] — >■ /[7t,[a:], 7«[a;]]. 

Clearly, a work tape of logarithmic size is sufficient for a Turing machine to 
construct st. Furthermore, if G does not contain any vv'-paih then the rule 
in (3), which is the only copying rule, will never be applied. Conversely, if 
there is a vv'-p&ih. let = a; and = r’i[- • • • • • ] for all 

* S N, where vj is the target node of ej for j G [n]. By the rules in (1) and 
(3) 7„[s^[a;]] /[7„[a:], 7„[a;]], which means that st contains all pairs (s*[[e]],C), 

where P is a full binary tree of height i. Thus, the output size of st is exponential. 

For the general case, Seidl jSeih4| showed that it is DEXPTIME-hard to 
decide whether dom(tdi) fl • • • fl dom(tdn) = 0 for top-down tree transducers 
tdi, . . . ,tdn given as input. Suppose tdi = {Ei, E[, Ei, Ri,ji) for i G [n] and 
assume without loss of generality that the sets of states are pairwise disjoint. 
Now, let td = (X, X', E, i?, 70) where the first four components are given by the 
union of the respective components of td\, . . . ,tdn, except that new symbols 
f(n+i)^ g(i)^ g(o) added to X, and are added to X', states 70 

and 7 are added to E' , and R contains the three additional rules 

7o[/[a:i, . . . , a;„+i]] -)> f[ji[xi],. . . , 7nK], b^n+i]], 
l[g[x]] -)> /[7[a;],...,7[a;]], and 

7[e] -)■ e. 

Clearly, the tree transduction td is empty if dom(td\) fl • • • fl dom(tdn) = 0. 
Otherwise, choose some arbitrary (s,ti) G tdi, . . . , (s,tn) G tdn and define s® 
(z G N) to be the tree g\- ■ ■ g\e\ ■ ■ ■] of height i. Then there is a derivation 
7o[/[s,...,s,s*]]^*rf f[ti, . . . ,tmP] where P is a complete {n l)-ary tree of 
height i over / and e. Thus, the output size of td is exponential (except in the 
trivial case where n = 0), which completes the proof of the theorem. □ 
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6 Conclusion 

It was shown in this paper that the exponential output size problem is NL- 
complete for total top-down tree transducers and is DEXPTIME-complete for 
general top-down tree transducers. Intuitively, the reason for the huge comple- 
xity gap between these two variants is that, in the general case, solving the 
problem requires to solve the emptiness problem for top-down tree transduc- 
tions, in addition. There are several directions for future research one could 
pursue. The complexity of the exponential output size problem for compositi- 
ons of top-down tree transductions seems to be an interesting open problem. 
Another point is that, as mentioned in the introduction, for every k G N one 
can construct top-down tree transductions whose output size is bounded from 
above by a polynomial of degree k (but not by a polynomial of degree fc — 1). In 
fact, by Corollarv II 1)1 the output size of a top-down tree transducer is bounded 
from above by a polynomial unless it is exponential. Thus, it may be interesting 
to search for efficient algorithms which determine, for a given top-down tree 
transducer td, the smallest natural number k such that ostd G 0{n^) (provided 
that such a k exists). Finally, there is the obvious question whether one can find 
natural classes of non-total top-down tree transducers for which the exponential 
output size problem is at least solvable on polynomial space. 
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useful comments they made. 



References 

[AU71] Alfred V. Aho and Jeffrey D. Ullman. Translations on a context free grammar. 
Information and Control, 19:439-475, 1971. 

[Eng82] Joost Engelfriet. Three hierarchies of transducers. Mathematical Systems 
Theory, 15:95-125, 1982. 

[FV98] Zoltan Fiilop and Heiko Vogler. Syntax- Directed Semantics: Formal Models 
Based on Tree Transducers. Springer, 1998. 

[GS97] Ferenc Gecseg and Magnus Steinby. Tree languages. In G. Rozenberg and 
A. Salomaa, editors, Handbook of Formal Languages. Vol. Ill: Beyond Words, 
chapter 1, pages 1-68. Springer, 1997. 

[Pap94] Ghristos H. Papadimitriou. Computational Complexity. Addison- Wesley, 
1994. 

[Rou70] William G. Rounds. Mappings and grammars on trees. Mathematical Systems 
Theory, 4:257-287, 1970. 

[Sei94] Helmut Seidl. Haskell overloading is DEXPTIME-complete. Information 
Processing Letters, 52(2):57-60, 1994. 

[Tha70] James W. Thatcher. Generalized^ sequential machine maps. Journal of Com- 
puter and System Sciences, 4:339-367, 1970. 

[Tha73] James W. Thatcher. Tree automata: an informal survey. In A.V. Aho, editor. 
Currents in the Theory of Computing, pages 143-172. Prentice Hall, 1973. 



On Recognizable Languages in Divisibility 

Monoids 



Manfred Droste and Dietrich Kuske 

Institut fiir Algebra, Technische Universitat Dresden, D-01062 Dresden, 
{droste , kuske}@math . tu-dresden . de 



Abstract. Kleene’s theorem on recognizable languages in free monoids 
is considered to be of eminent importance in theoretical computer science. 
It has been generalized into various directions, including trace and ratio- 
nal monoids. Here, we investigate divisibility monoids which are defined 
by and capture algebraic properties sufficient to obtain a characterization 
of the recognizable languages by certain rational expressions as known 
from trace theory. The proofs rely on Ramsey’s theorem, distributive lat- 
tice theory and on Hashigushi’s rank function generalized to our divisibi- 
lity monoids. We obtain Ochmahski’s theorem on recognizable languages 
in free partially commutative monoids as a consequence. 



1 Introduction 

In the literature, Kleene’s theorem on recognizable languages of finite words has 
been generalized in several directions, e.g. to formal power series by Schiitzenber- 
ger C3, to infinite words by Biichi 0, and to rational monoids by Sakarovitch 
m- In all these cases, the notions of recognizability and of rationality where 
shown to coincide. In concurrency theory, several authors investigated recogniz- 
able languages in trace monoids (free partially commutative monoids) which 
generalize free monoids. It is known that here the recognizable languages only 
form a proper subclass of the rational languages, but a precise description of 
them using c-rational expressions could be given by Ochmahski m A further 
generalization of Kleene’s and Ochmahski’s results to concurrency monoids was 
given in ^j. It is the goal of this paper to derive such a result for even more 
general monoids. At the same time, we obtain that well known combinatorial 
methods crucial in trace theory (like Levi’s Lemma) are intimately related with 
algebraic properties (like distributivity) from classical lattice theory |3| or the 
theory of event structures nni. 

Trace theory provides an important mathematical model for the sequential 
behavior of a parallel system in which the order of two independent actions is 
regarded as irrelevant. One considers pairs (T, /) where T is the set of actions, 
and / is a symmetric and irrefiexive binary relation on T describing the indepen- 
dence of two actions. The trace monoid or free partially commutative monoid 
M(T, /) is then defined as the quotient T*/~ where ~ is the congruence on the 
free monoid T* generated by all pairs {ab, ba) with (a, b) S I. For surveys on the 
many results obtained for trace monoids, we refer the reader to the collection 0. 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 246-^^^ 1999- 
(c) Springer- Verlag Berlin Heidelberg 1999 
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An algebraic characterization of trace monoids was given by Duboc m- Here 
we use a lattice theoretically easy generalization of these algebraic conditions for 
the definition of divisibility monoids. 

As for trace monoids, a divisibility monoid has a finite system of irreducible 
generators. They could be viewed as atomic transitions in a concurrent system. 
However, in comparison with trace monoids we allow much more general com- 
mutation possibilities for these generators. In our monoids it is possible, e.g., 
that ab = cd or ab = cc where a, 6, c, d are four pairwise different irreducible 
generators. This would mean that the different sequential transformations ab 
and cd (cc, resp.) give rise to the same effect. It is clear that this is a much 
more general situation than in trace theory where ab = cd implies {a, b} = {c, d} 
(a, b, c, d generators as above) and even than in the situation of the automata 
with dynamic (situation dependent) independence of actions investigated in |5| . 
However, as for traces, we assume that any two sequential representations (i.e., 
products) by irreducible generators of a given monoid element have the same 
length. This is ensured by requiring that the divisibility monoid is cancellative 
and that the prefix (= left divisibility) relation satisfies natural distributivity 
laws well known from lattice theory (Birkhoff 0). These classical distributivity 
laws suffice to deduce our results. Also, they enable us to develop and use a 
calculus of residuals similar to the one used e.g. in lambda calculus |2|, term 
rewriting ^ and the models for concurrency considered in ITTO . 

In these divisibility monoids, we investigate closure properties of the class of 
recognizable languages under rational operations, analogously as in trace theory. 
To achieve this, we develop an extension of the notion of the rank of a language, 
which was already shown to be very useful in trace theory by Hashigushi nn, 
cf. |7|tij . Under the assumption of a finiteness condition on the commutation 
behavior of the monoid elements, we can prove that the product of recognizable 
languages is again recognizable. 

To deal with the iteration, analogously as in trace theory, we define when a 
monoid element is connected (intuitively, it cannot be split into disjoint compo- 
nents) using classical lattice-theoretic concepts. In trace theory, the iteration of 
a recognizable language consisting only of connected elements is again recogniza- 
ble. We show (cf. Example^) that, somewhat surprisingly, this fails in general in 
divisibility monoids. However, using the residuum operation mentioned above, 
we can define when a language is residually closed. Then we can show, using 
also Ramsey’s Theorem, that the iteration of a recognizable residually closed 
language consisting only of connected elements is again recognizable. We call a 
language c-rational if it can be constructed from finite languages using the ope- 
rations union, product and this restricted version of iteration. Thus, the closure 
properties indicated so far ensure that any c-rational language is recognizable. 

Recall that an equation ab = cd with irreducible generators a, b, c,d oi M 
states that the different sequential executions ab and cd give rise to the same 
effect. If now a ^ c, the effect of a in the execution cd has to be resumed by that 
of d. Therefore, we consider the least equivalence on the irreducible generators of 
M identifying a and d that occur in an equation ab = cd with a ^ c. Requiring 
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that a and c are not equivalent whenever ab = cd and a c, we can prove the 
converse of the above result, i.e., we can show that any recognizable language is 
c-rational. With this requirement, our divisibility monoids are more similar to, 
but still more general than trace monoids. Our results can be summarized as 
follows (see the subsequent sections for the precise definitions) 

Theorem 1. Let (M, -,1) be a labeled divisibility monoid with finite eommuta- 
tion behavior and L C M. Then L is reeognizable iff L is c-rational. 

From these results, we obtain Ochmahski’s theorem for recognizable trace 
languages as an immediate consequence. Furthermore, a strengthening of the 
results from jHj for recognizable languages in concurrency monoids follows from 
our results (see the full paper 0 ). 

As the above examples and many others show, the class of divisibility monoids 
is much larger than the class of all concurrency monoids investigated in 0 which 
in turn is larger than the class of trace monoids. 

The present divisibility monoids can hence be viewed as a general model for 
concurrent behaviors where it is still possible to describe recognizable sets of 
behaviors by certain rational expressions. 

The complete proofs are contained in the full paper jOj. 

2 Preliminaries 

Let (M, •, 1) be a monoid and L C M. A monoid morphism rj : M ^ S into a 
finite monoid {S, •, 1) recognizes L if r]~^ri{L) = L. The language L is recognizable 
if there exists a monoid morphism that recognizes L. For x € M let x~^L := 
{y € M \ X ■ y € L}, the left quotient of L with respect to x. Then a classical 
result states that L is recognizable iff the set {x~^L \ x S M} is finite iff there 
is a finite M-automaton recognizing L. 

Let L,K f- M. Then L ■ K := {I ■ k \ I G L, k G K} is the product of L and K. 
By (L) we denote the submonoid of M generated by L, i.e., (L) = {h- h - ■■ - In \ 
n G N,k G L}. For a set T, T* denotes the free monoid generated by T. Now let 
M he & free monoid and L C M. Then (L) is a subset of M while L* is a set of 
words whose letters are elements of M. Classical formal language theory usually 
identifies the set L* of words over L and the submonoid (L) of M generated by 
L. In this paper, we have to distinguish between them. 

A language L C M is rational if it can be constructed from the finite subsets 
of M by union, multiplication and iteration. 

Now let r be a finite set and L Q M := T* . By Kleene’s Theorem, L is 
recognizable iff it is rational. In any monoid, the set of recognizable languages 
is closed under the usual set-theoretic operations, like complementation, inters- 
ection and difference. 

For X G T*, let a(x) denote the alphabet of x comprising all letters of T 
occurring in x. Then Lb := (B) H L \ (Uacb (^)) B C T is the set of 

elements x of L with a{x) = B. If L is rational, the language Lb is rational, 
too. The language L is monoalphabetic if L — Lb for some B GIT. A language 
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L C M is monoalphabetic-rational if it can be constructed from the finite subsets 
of M by union, multiplication and iteration where the iteration is applied to 
monoalphabetic languages, only. One can easily show that in a finitely generated 
free monoid any rational language is monoalphabetic-rational. 

Let (P, <) be a partially ordered set and x G P. Then comprises all 
elements dominated by x, i.e., ].x := {y G P \ y < x}. If A C P, we write A < x 
to denote that A C 4,x, i.e., that a < x for all a G A. The partially ordered set 
(P, <) is a lattice if for any x,y G P the least upper bound sup(x, y) = x V y and 
the largest lower bound inf(x,y) = x Ay exist. The lattice (P, <) is distributive 
if X A (y V z) = (x A y) V (x A z) for any x,y,z G P. This is equivalent to 
X V (y A z) = (x V y) A (x V z) for any x,y,z G P. For properties of finite 
distributive lattices, we refer the reader to 0. 

3 Divisibility Monoids 

In this section, we introduce divisibility monoids and investigate their basic 
properties. 

Let M = (M, •, 1) be a monoid where 1 G M is the unit element. We call M 
cancellative if x ■ y ■ z = x ■ y' ■ z implies y = y' for any x, y, y' , z G M. This in 
particular ensures that M does not contain a zero element and will be a very 
natural assumption (trivially satisfied in free monoids). For x,y G M, x is a left 
divisor of y (denoted x < y) if there is, z G M such that x - z = y. In general, the 
relation < is not antisymmetric, but we require this for a divisibility monoid. 

Let T ■= (M \ {!}) \ (M \ {1})^. The set T consists of those nonidentity ele- 
ments of M that do not have a proper divisor, its elements are called irreducible. 
Note that T has to be contained in any set generating M. 

Definition 1. A monoid (M, -,1) is called a (left) divisibility monoid provided 
the following hold 

1. M is cancellative and its irreducible elements form a finite set of generators 
ofM, 

2. (M, <) is a partial order such that any two elements x,y G M with an upper 
bound have a supremum, and 

3. {\.m, <) is a distributive lattice for any m G M . 

Since by condition 1 above a divisibility monoid (M, •, 1) is generated by the 
set T of its irreducible elements, there is a natural epimorphism from the free 
monoid T* onto M . This epimorphism will be denoted by [.]. 

Condition 2 is well known from domain theory and often regarded as “con- 
sistent completeness” . It means that whenever two computations x and y from 
M allow a joint extension, there is a least such extension of them. In fact, the 
partial order (M, <) can be seen as the compact elements of a Scott-domain. 
But (M, <) is not necessarily a lattice since it may contain unbounded pairs of 
elements. 

Using basic properties of distributive lattices, from conditions 1 and 3 one 
can infer that fx is finite for any x G M. It follows that any finite subset A 
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of M has an infimum in (M, <), and if A has an upper bound, it also has a 
supremum. This supremum of A can be viewed as the least common multiple 
of A, whereas the infimum of A is the greatest common (left-)divisor of A. 
Observe that the distributivity required is a direct generalization of the triviality 
that in the multiplicative monoid (N, -,1) least common multiple and greatest 
common divisor distribute (i.e., gcd(a;, lcm(y, z)) = lcm(gcd(a;, y), gcd(a;, z)) for 
any x,y,z). In our general setting, the finiteness of 4,a; ensures that (M, <) is 
even the set of compacts of a dl-domain. For the theory of dl-domains and their 
connection with lambda calculus we refer the reader to pQ . In particular we have 
(a; V y) A z = (x A z) V (y A z) whenever the left hand side is defined. 

Note that in left divisibility monoids the partial order is the prefix relation. 
Ordered monoids where the order relation is the intersection of the prefix and the 
suffix relation were investigated e.g. in under the name “divisibility monoid” . 
Since such monoids will not appear in this paper any more, we will simply speak 
of “divisibility monoids” as an abbreviation for “left divisibility monoid” . 

Next we show that for elements of a divisibility monoid a length can be defi- 
ned in a natural way making the correspondence to computations even clearer: 
Let X = X1X2 ■ ■ - Xn G M with Xi G T. Then {1, xi,x\X2, ■ ■ ■ ,x} is a maximal 
chain in the finite distributive lattice \.x. Since maximal chains in finite distri- 
butive lattices have the same size, any word u over T with [u] = x has length n. 
Hence we can define the length of x to be |a:| = n. 

Divisibility monoids are defined algebraically, using classical notions from 
lattice theory. They can also be described combinatorially (and more similar to 
the original definition of trace monoids) using commutation conditions for their 
irreducible generators. A first step towards such a representation is provided by 
the following proposition. 

Proposition 1. Let M be a divisibility monoid and T the set of its irreducible 
elements. Let ^ denote the least congruence on the free monoid T* containing 
{{ab,cd) \ a,b,c,d € T and a ■ b = c ■ d}. Then ~ is the kernel of the natural 
epimorphism [.] : T* — >■ M. Ln particular, M = T* 

On the other hand, there are sets of equations of the form ah = cd such that 
T* is not a divisibility monoid. In those sets of equations are described 
that give rise to divisibility monoids. 

Let M be a divisibility monoid. Two elements x and y are independent (de- 
noted by a; II y) if X A y = 1 and {x, y} is bounded above. Intuitively, this means 
that the computations x and y have no nontrivial joint past and are consistent. 
In this case the supremum x V y exists in M. Since M is cancellative, there is a 
unique element z such that y ■ z = x \/ y. This element z is called the residuum 
of X after y and denoted by xfy. Intuitively, xfy denotes the computation that 
has to be performed after y in order to obtain the least common extension of x 
and y. Note that the residuum is defined for independent elements x and y only. 
Clearly, x|y is defined iff yfx is defined and in this case x(yfx) = y(xfy) = xVy. 

Now assume M to be a trace monoid. Then two traces x = [u] and y = [u] in 
M are independent iff each letter occurring in u is independent from each letter 
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occurring in v. This coincides with the usual definition of independence in trace 
theory. If x and y are independent, then it is known that y-x = x- y = x\/y 
and hence x"[y = x and similarly y"[x = y. 

Again, let M be an arbitrary divisibility monoid. Fixing x G M, we define a 
unary partial function Cx from M to M with domain dom(ca;) := {y G M \ x \\ y} 
by letting Cx{y) '■= y\x. The function Cx will be called the commutation behavior 
ofx. In this paper, as usual, an equation Cx{y) = Cz{y') means “cx{y) is defined iff 
Cziy') is defined and in this case they are equal” . In other words, y is independent 
from X iff y' is independent from z and in this case y\x = y'^z. 

Let Cm denote the set of all commutation behaviors of elements of M, i.e.. 
Cm = {cx I X G M}. Note that Cm is a set of partial functions from M to M 
that might be infinite. If Cm is actually finite, we say that M is a divisibility 
monoid with finite commutation behavior. 

Let M again be a trace monoid. Recall that yfx = y whenever yfx is defi- 
ned. Hence the commutation behavior Cx is the identity on its domain. This in 
particular implies that two traces have the same commutation behavior iff they 
have the same alphabet. Thus, if M is finitely generated, as a divisibility monoid 
it has finite commutation behavior. 

The following lemma lists some properties of the commutation behaviors our 
proofs rely on. 

Lemma 1. Let (M, -,1) be a divisibility monoid and x,x',y,z G M. 

1. The commutation behavior Cx is injective and length-preserving on its do- 
main. 

2. X II yz iff x \\ y and Cy(x) || z. 

3. Cyz(x) = Cz(cy(x)); in other words x\{yz) = {x\y)'\z. 

j. Cx{yz) = Cx{y) ■ Cc^(^x){z); equivalently yz\x = (yfx) ■ {zf{x-fy)). 

5. Ifcx = Cx' and y || x then c^^^x) = Ccy(x')- 

Note that the third statement of the lemma above in particular implies 
Cz o Cy = Cyz where o is the usual concatenation of partial functions. Hence 
(Cm,o,ci) is a monoid, the monoid of commutation behaviors of M. The fun- 
ction c : M ^ <Cm '. X ^ Cx is & monoid antihomomorphism. Thus, if M has 
finite commutation behavior, for any commutation behavior c G Cm, the set 
{x G M \ Cx = c\ oi all elements of M with commutation behavior c is recogniz- 
able. This will be crucial for some proofs of our results. Unfortunately, we do 
not know whether actually each divisibility monoid has finite commutation be- 
havior. This seems to be a difficult problem combining monoid theoretic, lattice 
theoretic and combinatorial concepts. 

We will also need a lifting of the commutation behavior from a divisibility 
monoid M to the free monoid T* which can be defined as follows. We define 
functions : T* — >■ T* for u G T* in such a way that equations like those 
from Lemma [D hold: Recall that for t G T and u G T* with [u] || t we have 
|t| = |c[„](t)| by Lemma n and therefore G T. Hence := (if 

t II [u]) is a partial function mapping T to T. We extend it to a partial function 
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from T* to T* by du{tv) := Then one gets properties similar to 

those listed in Lemma ^ In particular = dy iff C[„] = C[^j for any u,v €T*. 

Let Dm = {du \ u G T*} be the set of all commutation behaviors of words 
over T. Then (DM,o,de) is a monoid and d : T* ^ Dm : u i— >■ is a monoid 

antihomomorphism. Also, i— > C[„] is a monoid isomorphism from (DmiOj^e) 

to (Cm,o,ci). 

It is immediate that if [m] || [u] then [■;;] = [u;] implies = C[u](H) = 

C[ii]([w]) = [d„('u;)]. The following lemma shows that not only the other implica- 
tion holds as well but that even {du{w) \ [u] = [w]} = {w' \ [w'] = [d„(u)]}. The 
proof relies on the fact that (4,a;,<) is a distributive lattice and that projective 
intervals in distributive lattices are isomorphic. 

Lemma 2. Let x G M , u G T* and ti gT for i = 1,2, . . . ,n such that C[„](a;) = 
[tit 2 ■ . - tn]. Then there exist Si G T for i = 1,2, ... ,n such that d„(siS 2 ■ ■ • Sn) = 
tit 2 ...tn- These elements Si ofT are unique. 

4 Commutation Grids and the Rank 

In trace theory, the generalized Levi Lemma (cf. p]) plays an important role. 
Here, we introduce a generalization to divisibility monoids using commutation 
grids. This enables us to obtain a concept of “rank” of a language in these 
monoids, similar to the one given by Hashigushi m for trace monoids. Let M 
be a divisibility monoid and x,y G M. Recall that Cx{y) = yfx. Similarly, we 
define vfu := du{v) whenever the latter is defined for u,v G T*. 

Definition 2. For 0 < i < j < n let Xj,yf G T* . The tuple {x'j,yf)o<i<j<n is 
a commutation grid provided Xj || y{~^ , x'jfyf~^ = and y{~^fx'j = y{ for 

any 0 < i < j < n (see Fig. m- 

Lemma 3. Let zq, zi, . . . , z„,x,y G T* with [xy] = [zqZi . . . Zn]- Then there 
exists a commutation grid {xj,y()o<i<j<n such that [x] = [j/] = 

boy” • ■ • y”]> <^nd [z,] = [xfy(\ for i = Q,l, . . . ,n. 

Now we can introduce the notion of rank in the present context. Intuitively, 
it measures the amount of commutations of irreducible generators necessary to 
transform a product of two words into an equivalent word belonging to a given 
word language over T. 

Definition 3. Letu,v G T* and X CT* such that [uf] G [A] := {[w] | w G X}. 
Let rk(u, r;. A) denote the minimal integer n such that there exists a commuta- 
tion grid (m* , wf )o<i<j<n in T* with [m] = [ugW? . . .u°], [u] = [vqVi . ■ - and 
Kv^u\v\ . . .uy'!f GX. 

For u,v G T* and ACT* with [rtri] G [A] := {[w] | w G A}, one gets 
rk{u,v,X) < \uv\. We define the rank rk(A) of X by 



rk(A) := sup{rk(M, v. A) \ u,v G T* , [mu] G [A]} € N U {oo}. 
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This picture depicts a commu- 
tation grid. Edges denote elements 
from T* and an angle denotes that 
the two edges correspond to independent 
elements. Note that in any of the small 
squares, the lower left corner is marked by an 
angle. This indicates that [x'jy(] = [yi~^x'^^^] be- 
cause of [x]yl] = = \x'j\ V = 

i~^{xj'[y^^~^)] = [yl~^x'j'^^]. By Lemma Q for any 
rectangle in the grid {x'j,yf)Q<i<j<„ the bottom and the 
left side are independent and their residuum is the top (the 
right) side, respectively. By induction, it is easy to show that 
[x^xl-.-xt] ■ [yoyt ■■■Vn] = [xlyl][x\yl][xlyl] . . . [x^y^]. The 
right hand side of this equation is the diagonal border of the grid. 



bii 



Fig. 1. A commutation grid 



A word language A C T* is closed if [u] G [X] implies u G X for any u G T*. 
Since rk(M,u, A) = 0 whenever uv G A, the rank of a closed language equals 0. 

We just note here that if M is a trace monoid then these notions coincide 
with the corresponding ones known from trace theory. Hence the following result 
generalizes [01 Thm. 3.2]. 

Theorem 2. Let (M, -,1) be a divisibility monoid with finite commutation be- 
havior. Let X C T* be recognizable and n := rk(A) be finite. Then [A] is 
recognizable in M. 

Proof. Let 77 be a homomorphism into a finite monoid S recognizing A with 
du = dv whenever rj{u) = 77(f). For a; G M let R{x) denote the subset 

{{r]d{xo),rid{xi) . . . r]d{xn))deBM \ Xo,xi, . . . ,Xn G T* and x = [x^xi . . . Xn]} 

of (S'"+^)l®'^l . Hence there are only finitely many sets R{x). We show R{x) = 
R{z) => x~^[X] = z~^[X], which implies that [A] is recognizable. 

So let R{x) = R{z) and let y G x~^[X\. Since rk(A) = n, there exists a 
commutation grid (ufivf)o<i<j<n such that x = [uq'^i . . . u°], y = [fp f" . . . f"j, 
and ulv^u\v\ . . G X. Then (77^(77^), 77^(77?) ... 77^(77° ))deDM ^ = 

R{z). Hence there exist words 7f° G T* with r]d{Wj) = rjd{u°) for each 0 < j < n 
and d G Dm, and z = [TfgTf^ . . . 7f°]. Then d^o = d„o implying the existence of 
a commutation grid (tc® , f^)o<i<j<n- Then one gets zy = [TfgfgTfJfJ . . . ifjjf”] G 
[A]. Hence y G z“^[A] and therefore a;“^[A] = z“^[A] as claimed above. □ 
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5 On Recognizable and c-Rational Languages 

First, we prove closure properties of the set of recognizable languages in a divi- 
sibility monoid. 

Lemma 4. The set of recognizable languages in a divisibility monoid with finite 
commutation behavior is closed under multiplication. 

To prove this lemma, one shows that for any closed languages X,Y C T*, the 
product XY has rank at most 1, i.e., rk{XY) < 1. Then the lemma follows from 
Kleene’s Theorem and from Thm. 13 We note that the distributivity assumption 
on divisibility monoids is crucial for this result to hold, cf. Ex. 4.11]. 

As in a trace monoid, the set of recognizable languages in a divisibility mo- 
noid is not closed under iteration. Therefore, we need some more notions: An 
element x € M of a, divisibility monoid (M, -,1) is connected if there are no 
independent y,z S M \ {1} such that x = y W z = ycy{z). A set A CM 
{X C T*, respectively) is connected if all of its elements are connected ([A] C M 
is connected, respectively). For trace monoids, this lattice theoretic definition is 
equivalent to the usual one via alphabets, and the iteration of a recognizable 
connected language is again recognizable. The following example shows that the 
latter is not the case for divisibility monoids. 

Example 1. Let T = {a,b,c,d} and let ^ denote the least congruence on T* 
with ab ~ cd and ba ^ dc. Now we consider the monoid M := T* / ^. Using 
the characterization from m, one can show that M is a divisibility monoid. 
Moreover, it has finite commutation behavior. Since any irreducible element is 
trivially connected, {a, b} is a recognizable connected language in M. Let L 
denote the iteration of this language in M, i.e., L := ({a, b}) C M. To show that 
L is not recognizable, it suffices to prove that X := {w £ T* \ [w] G L} is not 
recognizable in the free monoid T*. Note that A consists of those words that are 
equivalent to some word containing a’s and 6’s, only. Clearly any such word has 
to contain the same number of c’s and of d’s. If A was recognizable, the language 
Y = X n (ad)*{cb)* would be recognizable. We will derive a contradiction by 
showing Y = {(ad)*(c6)* | i G N}: By the observation above, Y C {(ad)*(c&)* | 
i G N}. Starting with {ab)c ^ cdc ~ cba, we obtain (ab)^c ~ c{ba)^ for any n. 
Thus ad{ab)^cb ^ adc{ba)^b ^ aba{ba)^b = (o6)”+^. Applying this equation to 
a word of the form (ad)®(c6)* several times, one gets {ady{cby ^ {aby^ G A and 
therefore Y = {(ad)*(c6)* | i G N}. □ 

An analysis of this example leads to the following additional requirement on 
recognizable languages that we want to iterate: A language A C T* is residually 
closed if it is closed under the application of and d~^ for elements it of A 
(Note that in the example above df^{b) = c ^ {a, ^}, Le., this language is not 
residually closed.) A language L C M is residually closed iff {ic G T* | [ic] G L} 
is residually closed. Recall that in a trace monoid the commutation behaviors 
du are contained in the identity function on T*. Hence any trace language is 
residually closed. 
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Theorem 3. Let be a divisibility monoid with finite commutation be- 

havior. Let X Q T* be closed, connected, and residually closed. Then the rank 
rk((X)) of the iteration of X is finite. 

Proof. Let u,v € T* and Xo,xi, . . . ,Xn € X such that [mu] = [xqXi . . . Xn]- One 
can show that there exists a commutation grid (u*-, u^)o<i<j<n in T* such that 
M = Ku? ■■■<], b] = Kv^ ...v^] and [xi] = [uX] G [x]. 

Constructing a subgrid one shows that it is sufficient to consider the case 
u ■ / £ / uj for all 0 < z < n. 

Now one can prove that there are nol<a</3<7<n with 



*i0 ^ 7 /^ 7 /^ 

^/3-l ^(3^0 + l- 



^0 ■ 
~i — 1 o. a + 1 



7 — 1 



since otherwise [u^a] would not be connected. Since Dm is finite, Ramsey’s 
Theorem US] bounds n and therefore the rank of (X). □ 

Using Kleene’s Theorem and Thm.0one gets that the iteration of a connec- 
ted, recognizable and residually closed language is recognizable. 

A language L C M is c-rational if it can be constructed from the finite subsets 
of M by union, multiplication and iteration where the iteration is applied to 
connected and residually closed languages, only. Since any element x G M has 
only finitely many prefixes, finite languages are recognizable. By Lemma Sand 
Thm. S we get 



Theorem 4. Let (M, -,1) be a divisibility monoid with finite commutation be- 
havior. Let L G- M be c-rational. Then L is recognizable. 



Next we want to show the inverse implication of the theorem above. Let 
(M, •, 1) be a divisibility monoid, E a finite set and £ : T ^ E a function. Then 
£ is a labeling function and {M,£) is a labeled divisibility monoid if £(s) = £{sft) 
and £{s) yf £{t) for any s,t G T with s || t. We note that the monoid M from 
Example n becomes a labeled divisibility monoid by putting £{a) = £{d) = 0 and 
£{b) = £{c) = 1. Thus, our main Thm. 0 holds for this monoid which is not a 
trace monoid. 

Now let (M, £) be a labeled divisibility monoid. The label sequence of a word 
uqUi .. .Un GT* is the word £{uq)£{ui) . . . £{un) G E* . We extend the mapping £ 
to words over T by £{tw) = {^(t)}U^(?u) and to elements of M by £{[u]) := £{u) 
for u G T*. This latter is well defined by Prop. S Note that £ : M — )> 2^ is 
a monoid homomorphism into the finite monoid (2^,U,0). One can show that 
£{x) n £{y) = 0, £{y) = £{y'[x), and £{x) U £{y) = £{x V y) for any x,y G M with 

X II y- 

A language L C M is monoalphabetic if £{x) = £{y) for any x,y G L. It is 
an mc-rational language if it can be constructed from the finite subsets of M by 
union, multiplication and iteration where the iteration is applied to connected 
and monoalphabetic languages, only. Since, as we mentioned above, independent 
elements of M have disjoint label sets, any monoalphabetic language is residually 
closed. Hence mc-rational languages are c-rational. 
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Now let ^ be a linear order on the set E and let a; S M. The word u € T* with 
X = [m] is the lexicographic normal form of x (denoted u = lexNF(x)) if its label 
sequence is the least among all label sequences of words v G T* with x = [u]. 
This lexicographic normal form is unique since two word u,v G T* having the 
same label sequence with [u] = [u] are equal. Let LNF = {lexNF(a:) \ x G M} 
denote the set of all words in T* that are in lexicographic normal form. One can 
characterize the words from LNF similarly to trace theory. This characterization 
implies that LNF is recognizable in the free monoid T*. 

The crucial point in Ochmahski’s proof of the c-rationality of recognizable 
languages in trace monoids is that whenever a square of a word is in lexicographic 
normal form, it is actually connected. This does not hold any more for labeled 
divisibility monoids. But whenever a product of \E\ + 2 words having the same 
set of labels is in lexicographic normal form, this product is connected. 

We need another notation: For a set ACE and u GT* let nA{u) denote the 
number of occurrences of maximal factors w of u with £{w) C A or £{w) = 0. 

The number nA^u) is the number of blocks of elements of A and of E \ A in the 
label sequence of u. Furthermore, we put ua{x) := n^(lexNF(a;)) for x G M . 

Lemma 5. Let (M, •, 1,£) be a labeled divisibility monoid, x,y G AI and x || y. 
Then n^(a;)(a; V j/) < \E\ + 1. 



Lemma 6. Let X C T* be a monoalphabetic language. Let w G fl LNF. 

Then [u>] is connected. 

Proof. Let n = | + 1 and xt G [X] with [w] = xqXi . . . Furthermore assume 

A = £{xi) which is well defined since X is monoalphabetic. Now let x,y G M 
with X \\ y and x\/ y = [w]. Then £(x) fl £{y) = %. If A contained an element 
from £{x) and another one from £{y), we would obtain ni(^x)i[w]) > n > |if| + 1, 
contradicting Lemma|51 Hence A C £{x) or A C £{y). Now £{x)U£{y) = £{x\/y) = 
£{xqXi . . . Xn) = A C £[x) implies y = 1. □ 

Now one can show that in a labeled divisibility monoid (with possibly infinite 
commutation behavior) any recognizable set is mc-rational. This proof follows 
the lines of the corresponding proof by Ochmahski for traces using Lemma El 
Summarizing, we get the following theorem which in particular implies Thm. Q 

Theorem 5. Let (M, -,1) be a labeled divisibility monoid with finite commuta- 
tion behavior and L C M . Then L is recognizable iff L is c-rational iff L is 
mc-rational. 



6 Open Problems 

Sakarovitch’s and Ochmahski’s results are important generalizations of Kleene’s 
Theorem to rational and to trace monoids, respectively; thus into “orthogo- 
nal” directions since any rational trace monoid is free. Our further extension 
of Ochmahski’s result is not “orthogonal” to Sakarovitch’s approach any more 
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(for instance {o, 6, c, d}* / {ab = cd) is both, a rational monoid and a divisibility 

monoid, but no free monoid) . Hence our approach can be seen as a step towards 

a common generalization of Sakarovitch’s and Ochmahski’s results. 
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Abstract. In this paper we address the problem of the expressive po- 
wer of point-to-point communication to implement broadcast communi- 
cation. We demonstrate that point-to-point communication as in CCS 
is “too asynchronous” to implement broadcast communication as 
in CBS lEHSI . Milner’s 7r-calculus [M?TTj is a calculus in which all commu- 
nications are point-to-point. We introduce fovr-calculus, using broadcast 
instead of rendez-vous primitive communication, as a variant of value- 
passing CBS in which communications are made on channels as in Ho- 
are’s CSP |HH3 - and channels can be transmitted too as in 7r-calculus - 
but by a broadcast protocol: processes speak one at a time and are heard 
instantaneously by all others. In this paper, using the fact that 7r-calculus 
enjoys a certain interleaving property, whereas byr-calculus does not, we 
prove that there does not exist any uniform, parallel-preserving trans- 
lation from ferr-calculus into vr-calculus, up to any “reasonable” equiva- 
lence. Using arguments similar to IP??7I . we also prove a separation result 
between CBS and CCS. 



1 Introduction 



Communication within processes is the main aspect of concurrency within dis- 
tributed systems. One can specify basic communications from several points of 
view; primitives interactions can be, for instance, synchronous or asynchronous, 
associated to point-to-point or broadcast (one-to-many) message exchange pro- 
tocols. 

In theory (and in practice too), it arises naturally the question whether one 
mechanism can be “expressed” using the other (or, whether one can be im- 
plemented by the other). The first aspect (of synchrony/asynchrony) was, for 
instance, recently studied in fP^ in the framework of the 7r-calculus r fMT] . 
[IMPW92] !. It was proved that there does not exist any uniform, parallel con- 
structor-preserving, translation from 7r-calculus into the asynchronous 7r-calculus, 
up to any “reasonable” notion of equivalence. 
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In this paper, we address the question of the power of expressiveness of point- 
to-point communications versus broadcast communications. Indeed, we stress 
here that the broadcast is a natural manner of communication in concurrent 
and communicating systems found in many application fields. It has been also 
chosen as the hardware primitive exchange protocol for some networks, and in 
this case point-to-point message passing (when needed) is to be implemented on 
top of it. Broadcast can also be a natural primitive for many applications pro- 
gramming models (e.g. multimedia, data mining, etc.). Hence, it is natural to 
understand if a calculus for parallel/distributed computing based on basic broa- 
dcast communications (lEM) results in more powerful process calculi, or it is 
just a way of adding “syntactic sugar” to existing point-to-point based calculi. 
We chose Milner’s 7r-calculus to study this problem, since it is recognised as one 
of the richest paradigm for concurrency introduced so far. In addition, the basic 
mechanism for communication in 7r-calculus is a point-to-point exchange event. 
When trying to express broadcast communication using point-to-point commu- 
nication, what seems difficult, is how one can anticipate the size of the set of 
point-to-point communications needed when the number of potential receivers is 
“a priori” unknown. In addition, in 7r-calculus a system of two processes which 
exchange messages, can behave similarly in any context, while a broadcast com- 
munication is always “open” for the given environment. This is the intuition 
that we exploit in this paper to prove that broadcast communication cannot be 
“reasonably” simulated by using point-to-point communications of 7r-calculus. 

The rest of the paper is as follows. In section 2 we briefly remind the bases 
of the TT-calculus and then introduce the 67r-calculus as a variant of a broadcast 
calculus (inspired from EH3) together with some definitions concerning electo- 
ral systems. Section 3 presents the main result of the paper which proves the 
non-existence of any uniform encoding of 67r-calculus into 7r-calculus. Section 4, 
discusses related works and presents future directions of research. 

2 Preliminaries 

In this section we briefly present the 7r-calculus, the 67r-calculus (which is a 
variant of broadcast calculus), and then we introduce the notion of electoral 
systems. 

2.1 The 7T- Calculus 

Let Chp be a countable set of channels. Then processes are defined in Table 1. 

Table 1. Processes 

P-'.= nil I A{x) I Si^ia^.pi \ pi \\ P 2 \ vxp \ {rec A{x).p){y) 



where at belongs to the set of prefixes a ::= x{y) \ xy. 

Prefixes represent the basic actions of processes: x{y) is the input of the 
name y on the channel x, and xy is the output of the name y on the channel 
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X. Si^iai-Pi represents guarded choice; when possible it begins by executing 
one of the atomic action ai, and then its continuation is pi. vxp is the creation 
of a new local channel x (whose initial scope is the process p). p\ || p 2 is the 
parallel composition of p\ and p 2 - {recA{x).p){y) is a recursive process (allows 
to represent processes with infinite behaviour). 

The operators vx and y{x), are x — binders, i.e. in nxp and y{x).p, x appears 
bound, and bn{p) represents the set of bound names of p. The free names of p are 
those that do not occur in the scope of any binder, and are denoted with fn{p). 
The set of names of p is denoted with n{p). The alpha-conversion is defined as 
usual. 

In literature there have been defined relations among processes which relate 
processes which are “almost the same” . Such a relation is a congruence, and 
allows to substitute a process by another congruent process, when needed. 

Definition 1. Structural congruence, denoted =, is the smallest congruence 
over the set of processes which satisfies the conditions of Table 2. 



Table 2. Structural congruence 

1 p = q if p and q are a-convertible 

2 (p II g) II r = p II {q || r) 

3 p\\q = q\\p 

4 p II nxq = vx{p || q) if x ^ fn{p) 



Definition 2. Actions, ranged over a,j3 are given by the following syntax: 

a a{x) I dx \ vxdx \ t 

where a,x € Chp and which reads as follows: an action is either a reception, 
a (possibly bound) output, or the silent action t, denoting an uncontrollable 
transition. 

We give an operational semantic of our calculus in terms of transitions over 
the set Pp of processes. Transitions are labeled by actions. 



Definition 3. Transition system The operational semantics of ir-calculus is 
defined as a labeled transition system defined over the set Pp of processes. The 
judgement p p' means that that the process p is able to perform action a to 
evolve to p' . The operational semantics is given in Table 3. 

The semantic is an early one, i.e. the bound names of an input are instantiated 
as soon as possible, in the rule for input. 
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Table 3. 


Operational semantic of tt- 


calculus 


Vi ^V 

a{x).pmp[z/x] ax.p^p 


p — yp 
uxp^-^^ p' 


A x^n{ot) 


p-^p' A bn{oi)^fn(q) 


ox / aCa;) . 

p ¥p A q >q 


yxp-^^yxp' 


Pll9-^P'II<J 


p\\q^p'\\q' 


uxdx / a{x') / 

p >■ p A q——¥q 


p[{rec A{x) .p) / A,y /x]-^p' 


p=p , p ~^q , q=q 


p\\q^i^x{p'\\q') 


{rec A{x).p){y)-^p' 


p-^q 



2.2 The bTT-Calculus 

The 67T-calculus is a process calculus in which broadcast is the fundamental com- 
munication paradigm. It is derived from broadcast calculus proposed by Prasad 
in jEnni, and TT-calculus. It differs from broadcast calculus, in that communi- 
cations are made on channels (and transmitted values are channels too) which 
belong to a countable set Chf, (like in 7r-calculus) , and from 7r-calculus in the 
manner of use of channels: only for broadcast communications. 

The syntax of processes is similar to that of 7r-calculus, as given in Table 1, 
and the meaning of process constructors is the same. Also, the set of actions 
(denoted A), is defined similarly. The operational semantic (which is defined as 
a labeled transition system defined over the set Vb of &7r-calculus processes) is 
different, and we describe it in Table 5. Before, we define similarly to mrm . a 
relation — >-C VbX- A denoted p (instead of p — >■ a) and which can be read 
“p discards the action a ” . 



Table 4 The “discard” relation 



a—a(x) 

P-^ 



by.p- 



b^a 



b{x).p- 



yiei Pi 



iGlPi 






p[{rec A{x) .p) j A,y ! x] — p=p' A p' - 
{rec A{x).p){y)-^ p-^ 



The operational semantic is given, like for 7r-calculus, via a transition system 
labeled by actions. Communication between processes is performed through un- 
buffered broadcasts. Comparing with 7r-calculus, outputs are non-blocking, i.e. 
there is no need of a receiving process. One of processes broadcasts an output 
and the remaining processes either receive or ignore the broadcast according to 
whether they are ’’listening” or not on the channel which serves as support of 
the output. A process which “listen" on a channel a, can not ignore any value 
send on this channel. 
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Table 5 


. Operational semantic of 57r-calculus 


a{x) ,p^^^p[z / x] 


_ ax 

ax.p — >p 


Pi ^P 

SielPi-^P' 


p-^p' A x^n{ct) 


ax / 

P >P 


ax / 
p ^p 


ifxp-^uxp' 


vxp^-^^ yxp' 


vap — >vap' 


p^-^^ uxp' A 


ax a{x) , 

p ^p A q—^q 


a{x) , a{x\ , 

p^-tp A q^-tq 


p\\q'^ ux{p'\\q') 


p\\q-^p'\\q' 


p\\q°^p'\W 


p-^p' A q—^ A bn{oc] 


)^fAq) p[(rec A{x).p)/A,y/x]-^p’ 


III 


pWq-^p'Wq 


(rec A{x).p){y)-^p' 


cx. 

p ¥q 



2.3 Electoral Systems 

In this subsection, we present the notion of an electoral system as given by 
Palamidessi in lEnz|. All the notions given below hold both for the 7r-calculus 
and for the 67r-calculus. We also use actions of the form a or a, when the names 
which are send or received do not matter. 

A cluster is a system of parallel processes P = Pi || P 2 || ... || Pn- A 
computation C for the cluster is a (possibly cc-infinite) sequence of transition^ 

Pi II P2 II . . . II Pn ^ P^ II Pi II ... II 

^Pf ||P|||...||P2 



^ pr II p^ II ... II p : 



If d = ai.a 2 Om, we will represent the computation C also by C : P 

P™ (or by C : P ... if C is infinite) . 

C extends C if C : P ^ P™, and there exists C” : P™ pm+m' 

C” : P™ . . . such that C" = CC” , where the two occurrences of P"* are 
collapsed. The projection of C over Pi {C, P given as above), denoted Proj{C, z), 
is defined as the “contribution” of Pi to the computation C. 

We define the restriction of a sequence of actions d w.r.t. to a set of channels 
A (denoted d/A) as being a word of the {A U A)*, given as follows: 

^ As in [En3, for the sake of keeping notations simple, we suppose that each binder 
i/x is pushed “to the top level” using repeatedly the rules for structural congruence. 
In addition, we do not represent explicitly the binders at top level and we suppose 
that the cluster will never perform a visible action on one of the names restricted by 
a binder 
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nil 



ajA = 



/3M 

< j3/A 
d.(/3/A) 
a-C^/A) 



if a = nil, 
if a = T.p, 

if a = ax. 13 or a = vxax.f3 or a = a{x).p, with a ^ A, (1) 
if a = ax./3 or a = vxax.p, with a € A, 
if (5 = a{x).j3, with a & A. 



Like in lEHll, for the definition of an electoral system, we assume that Chp 
and Chb contain the natural names N, which will represent the identity of pro- 
cesses in a network. We shall use a definition slightly different from those used 

in pW) . 



Definition 4. (Electoral system) 

A cluster P = Pi || P 2 II • • ■ II Pn is an electoral system if for every compu- 
tation C of P, there exists an extension C ofC, and there exists k G {1, • ■ • ,n} 
(the “leader”) such that for each i G {1, • ■ • ,n} the projection Proj{C ,i) con- 
tains exactly one output action of the form k, and any trace of a Pi may contain 
at most one action of the form I, with I G {1, • • ■ , n}. 



Note that for an electoral system, any infinite computation must contain 
already all the necessary output actions, because it cannot be strictly extended, 
and also, that for an electoral system, there exists always a finite computation 
which satisfies the requirements of Definition El 



3 Encoding b7r-Calculus into 7r-Calculus 

In this section we prove the non-existence of an uniform encoding of the bn- 
calculus into 7r-calculus, under certain requirements on the encoding, which pre- 
serves ’’reasonable” semantics. 

When translating a term from one calculus into another, we would like the 
translation be independent of the context, i.e. the encoding of ti in C"[ti] and in 
C''\ti] to be the same regardless of contexts C and C” . This requires that the 
encoding is compositional. Concerning concurrent systems, it is reasonable to 
require at least that the parallel construction is preserved under the encoding, 
and more, that is exactly mapped in the parallel constructor, i.e. that 

IP II Q1 = 1^1 II IQl (2) 

Also, it seems reasonable to require that the encoding “behaves well” with ren- 
amings, i.e. 



[a(P)] = a([PD (3) 

We will call uniform an encoding which satisfies (0) and o and which in ad- 
dition translates outputs (inputs) in the first calculus in related outputs (inputs) 
in the second calculus. 
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Definition 5. Uniform encoding 

An encoding | ] : — > Vy (where {x,y) € {{p,b), (b,p)}) is called uniform, 

if it satisfies the following conditions: 

1- IP II Q] = II IQ], 

2. |cr(P)] = cr(|P]), for any substitution a : N — >■ N, 

3. (3d : P P' if and only if 3p : [P] |P']), where d/N = p/N, 

I if [PI ^ Q then 37 : IP] ^ Q ^ [P'|. 



In the same time, we should prefer that the encodings of two terms “equi- 
valent” under a certain semantics in the first calculus, to be equivalent under a 
related semantics in the second calculus. So, in our case, following Palamidessi, 
“a semantic is << reasonable » if it distinguishes two processes P and Q 
whenever in some computation of P the actions on certain intended channels 
are different from those of any computation of Q” . 



Lemma 1. Any uniform encoding translates an electoral system P from bir- 
calculus into an electoral system |P] from -K-calculus. 

Proof. Let P = Pi || P 2 || . . . || P„ be an electoral system. We shall prove that 

dG f 

R = |P] is an electoral system. 

We have 

Pt/ IP, II P 2 II ... II P„1 = [Pll II IP 2 I II ... II [P„l =Pl II i?2 II ... II Rn 



where P* '^= |P|. 

Let Ri Qi be an arbitrary trace of P^. From the Condition 4 of the 
Definition 0 we obtain that there exists a continuation 

R^ = [^.1 ^Qr^R]= [P'l 



Then, using the Condition 3 of the Definition^, we obtain a corresponding trace 
of Pi 



such that q;®/N = (/3®7*)/N. Since P is an electoral system, a® contains at most 
one action of the form I, with I G {!,... ,n}, and this is also true for the 
/ 3 ’ 

derivation Ri =4> Qi. 

Let 

P : P = Pi II P2 II . . . II P„ Q 

^ It is assumed implicitly in the definition that an uniform encoding “behaves well” 
with respect to restriction [i^aP] = vLadP}) where La is the set of channels used 
to implements the channel a. Also, for the sake of simplicity, we do not mention 
explicitly the binders in the results or in the proofs. 
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be a computation. From the Condition 4 of the Definition 0 we obtain that there 
exists E, extension of D, 

E: R=lPjJ^Qj^ R' = IP'I 

Using the Condition 3 of the DefinitionEl we obtain a corresponding computation 

C P=^ P' 

such that d/N = (/37)/N. Since P is an electoral system, there is an extension 
C" of C 

C ' P p' p" 

and there exists k G {1, . . . ,n} (the “leader”) such that for each i G {1, . ■ . ,n} 
the projection Proj{C ,i) contains exactly one output action of the form k. 
Using the Condition 3 of the Definition El we obtain the computation 

D' ■.R=\P\d^Q^ [P'l ^ [P"l 

such that (/?7/3')/N = (da')/N. Because in there are n outputs of the form 
k, with k G {1, ■ • • ,n}, and since every component Ri can make at most one 
such action, it follows that for each i G {I,-- - ,n} the projection Proj{D\i) 
contains exactly one output action of the form k.D 



Lemma 2. Let Pi = ai || a{x).x. 

For all n >2, P{n) = 0"=! Pi is an electoral system. 

Proof. If 



C : P{n) = Pi II ^2 II . . . II Pn ^ Pi II Pi II ... II Pi = PHn) 

in a step, then there is k G {1, ... ,n} such that a = ak, and Pf = k, \/i G 
{!,... , n}. Then we can extend C to C: 

C : P{n) = Pi II . . . II Pfe II . . . II P„ A dl p II . . . II m/ II fc II . . . || an || k 

— ^ dl II nil II ... II nil || fc || . . . || dn || fc 



— ^ ol II nil II ... II nil || nil || . . . || an || nil 
and we can deal similarly with any other computation. □ 

Then, the main result of this paper is: 

Theorem 1. There exists no uniform encoding of the bir-calculus into n-calculus 
preserving a reasonable semantics. 
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Proof. Let suppose that there exists an uniform encoding |*] of 67r-calculus into 
TT-calculus. 

Let us denote Ri ‘^= |Pi], and R{n) ‘^= Ri || i ?2 || ■ ■ ■ || Rn, where Pi are the 
same as in the Lemma 0 We have 

R{n) = II i ?2 II . . . II Rn = iPl] II m II ... II iPn] = 

[Pl||P2 ||...||Pn] = lP(n)l 

Since Vn > 2, P{n) is an electoral system, using the Lemmad we obtain that 
Vn > 2, R{n) is an electoral system too. 

Let m,m' > 2, and let the renaming a : N — > N, cr(«) = i + m' , Mi G 
, to} and identity otherwise. 

We have 



+ to') = II i?2 II . . . II R-m’ II Rni‘ 


' + 1 II ... II Rm' 


Rl II II . . 


. II II II . . 


■ II iPm'+mj = 


Rl II i?2||.. 


■\\Rm' II HPl)l ||.. 


■ II l<y{Pm)l = 


Rl II i?2 II . . 


.11^™' II <yilPil) l|.. 


■ II cr(|Pj) = 


Rl II i?2 II . 


...|| Rm' II <t{Ri) ||.. 


. II cr(i?m) = 



R{m') II a{R{m)) 

Since R{m!) is an electoral system, then there exists a computation C\ : 
R{m') RP{m') and a fc G {!,... such that for each i G {!,... ,to'| 

the projection Proj(Ci,i) contains exactly one output action of the form k. 
Similar, because R{m) is an electoral system, then there exists a computation 

C 2 '■ R{m) R’^{m) and a fc' G {1, . . . , to}, such that for each i G {1, . . . , to} 
the projection Proj{C 2 ,i) contains exactly one output action of the form k'. 

Hence, there exists a computation C 3 : a{R{m)) a{R‘^{m)) of a{R{m)) and 

a fc' G {!,... , to}, such that for each i G {to' + 1, . . . , to' + to} the projection 
Proj{Cz,i) contains exactly one output action of the form a{k'). 

Then we have the following computation 

Ci : R{m + to') = R{m') || a{R{m)) RF{m!) || a{R{m)) 

M RP{m') II (t(E9(to)) 

such that for each i G {1, . . . ,to'} the projection Proj{C 4 ,i) contains exactly 
one output action of the form k, and for each i G |to' + 1, . . . ,to' + to} the 
projection Proj(Ci,i) contains exactly one output action of the form fj(k'). 
Since cr(fc') G |to' + 1, . . . , to' + to}, we have that k ^ <j(k'), and C 4 cannot be 
extended to a computation C as in the Definition 0 hence R{m + to') cannot 
be an electoral system. □ 
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If we call 67Ta-calculus the asynchronous variant of 67r-calculus (obtained from 
67r-calculus by forbidding output as prefix, asynchronous variant of 7r-calculus 
being obtained similarly from 7r-calculus), we obtain the following result: 

Corollary 1. There exists no uniform encoding of the b'Ka-calculus into iT-cal- 
culus preserving a reasonable semantics. 

Slightly changing the Definition 0 we can prove the following result: 

Theorem 2. There exists no uniform encoding of the bir-calculus into ■K-calculus 
which preserves weak bisimulation. 

Remark. Note that the condition is essential to establish our result. We 
do not claim that there is no encoding at all; hence we cannot guarantee on 
the non-existence of a slighter encoding, which remains compositional, mapping 
IP|| Q1 onto CilPllQj]. 

4 Conclusion and Related Work 

The Theorem n corresponds to the separability result between synchronous and 
asynchronous 7r-calculus obtained by Palamidessi. She uses in her proof the fact 
that asynchronous 7r-calculus enjoys a certain kind of confluence. Hence, there 
are symmetric electoral systems in the 7r-calculus, whereas this does not hold 
in the asynchronous case, since whenever a first action occurs, all the other 
processes can execute their corresponding output action as well, and so on, in 
this way generating an infinite computation which never makes outputs on a 
special channel o (used for sending to the environment the leader). 

In our paper we exploit another difference between the two calculus: while 

TT-calculus enjoys an interleaving semantic (if P P' and Q Q' , then 

P \\Q P' \\Q P' II QO) this does not hold for the &7r-calculus (P P' 
does not imply P || Q P' || Q). 

The problem of encoding a broadcast calculus into 7r-calculus or CCS (^Hi) 
was already stated in IFTTH . Holmer gives an encoding of CP^ into SCCS 
and he makes the conjecture that it is not possible to find a compositional 
translation from broadcast calculus to CCS: “CCS is << too asynchronous >> 
to interpret CBS in”. His variant of broadcast calculus {CBS) is without value- 
passing. We can give a partial answer to his conjecture, by proving that value- 
passing CBS cannot be uniformly encoded in 7r-calculus and that CBS without 
value-passing cannot be uniformly encoded in CCS: 

Proposition 1. There exists no uniform encoding of value-passing CBS into 
TT-calculus preserving a reasonable semantics. 

Hint of the proof In newer variants of CBS, choice is also denoted by &, and 
outputs (inputs) are denoted differently {vlP means a process which says v, and 
become P, while x?Q is a process which listen, and once he heard v, it evolves 
to Q[v/x]). 
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Let Pi = i\ k xlxl. Then it is easy to remark that for all n > 2, P{n) = 
YYi^iPi is an electoral system and using arguments similar to Theorem^ we 
obtain the result. □ 

Proposition 2. There exists no uniform eneoding of CBS without value-passing 
into CCS preserving a reasonable semantics. 

Hint of the proof. In CBS without value-passing, processes communicate by 
exchanging signals (by synchronisations). v\P is a process which says v, and 
become P, while vlQ is a process which listen, and once he heard v, it evolves 
to Q. 

Let Pi = ad || Then it is easy to remark that P{n) = 0"=! 

is a symmetric electoral system (for definition see Definition 3.1 and Definition 
3.2 from Combining this with a stronger version of the Theorem 5.2 from 

fP^ (which admits a similar proof for our definition of Electoral System), we 
obtain the result. □ 
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Abstract. When relative loss bounds are considered, an on-line learning 
algorithm is compared to the performance of a class of off-line algorithms, 
called experts. In this paper we reconsider a result by Vovk, namely an 
upper bound on the on-line relative loss for linear regression with square 
loss - here the experts are linear functions. We give a shorter and simpler 
proof of Vovk’s result and give a new motivation for the choice of the 
predictions of Vovk’s learning algorithm. This is done by calculating the, 
in some sense, best prediction for the last trial of a sequence of trials when 
it is known that the outcome variable is bounded. We try to generalize 
these ideas to the case of generalized linear regression where the experts 
are neurons and give a formula for the “best” prediction for the last trial 
in this case, too. This prediction turns out to be essentially an integral 
over the “best” expert applied to the last instance. Predictions that are 
“optimal” in this sense might be good predictions for long sequences of 
trials as well. 



1 Introduction 

In the on-line learning protocols we consider here, a learning algorithm called 
Learner tries to predict real numbers in a sequence of trials. Real-world exam- 
ples of applications for this protocol are weather or stockmarket predictions, or 
pattern recognition. This protocol can be seen as a game between Learner and 
an opponent. Nature. After Learner receives an instance Xt in the t-th trial, it 
makes a prediction yt and Nature responds with the correct outcome y*. Lear- 
ner wants to keep the discrepancy between ijt and yt as small as possible. This 
discrepancy is measured with a loss function L, and the total loss of Learner on 
a sequence of trials is the sum of the losses in each trial. One way to measure 
the quality of Learner’s predictions is to compare the loss of Learner to that of a 
class of functions from the set of instances to the set of outcomes (such functions 
are called experts), i.e. to give relative loss hounds. 

Like in |0! , we consider the following protocol of interaction between Learner 
and Nature: 

FOR t= 1,2,3,..., T 

Nature chooses an instance Xt G IR" 

Learner chooses a prediction yt G IR 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 269-^^Hl 1999. 

(c) Springer- Verlag Berlin Heidelberg 1999 
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Nature chooses an outcome yt S IR 
END FOR 



Learner does not necessarily know the number of trials T in advance. After 
t trials, the loss of Learner is 



t 

Li(Learner) := . (1) 

We use the following notations: The vectors x £ IR"' are column vectors, , 
the transposed vector of x, is a row vector. For m,n G IN, is the set of 

real mx n matrices. The scalar product of x,y G IR" is x ■ y = x^y = X)r=i 
and the 2-norm of x is ||a:|| = {x ■ x)i . I G IR"^" is the n x n identity matrix. A 
matrix A G IR"^" is called positive semidefinite if x^Ax > 0 for all x G IR" and 
it is called positive definite if x^Ax > 0 for all x G IR" \ {0}. 

We search for strategies for Learner that ensure that its loss is not much 
larger than the loss of the, in some sense, best linear expert. A linear expert 
lu G IR" makes the prediction w ■ x on instance x G M" and its loss on the first 
t trials is 

t 

Lti.w)\=^{ys-wxsf . (2) 

For a fixed a > 0, we try to minimize 

Lt (L earner) — inf fa||w|p -I- L t(w)') . (3) 

The term a||w|p gives the learner a start on expert w, according to the expert’s 
“complexity” ||w|p. 

Several prediction strategies for Learner have been considered. In 0, Kivinen 
and Warmuth gave relative loss bounds for the Exponentiated Gradient Algo- 
rithm. The ridge regression strategy was compared to a similar strategy, called 
AA^, in u by Vovk. The best known upper bound on the relative loss holds for 
AA^. 

How can we get good strategies for Learner? It is not clear what the best 
prediction for Learner at trial t is. This is mainly because, when Learner gives 
ijt, it does not know the number of trials T and it does not know anything about 
the future instances Xt+i, ■ . ■ ,xt and the future outcomes yt, ■ ■ ■ ,yr - But if it is 
known that there is some Y > 0 such that yx G [— Y, F], there is a prediction yx 
for the last trial T that minimizes (0. This prediction is calculated in Theorem 
[D it is essentially the prediction of AA^. 

If Learner makes in each trial t the prediction that would be optimal if 
yt G [— Y, Y] is known and if trial t was known to be the last one of the sequence, 
there is an upper bound on o of the form O(lnT). This is proven in Theorem 0 
which is a reproof of Theorem 1, [SI- Our new proof is shorter and simpler than 
Vovk’s, which uses the Aggregating Algorithm (AA), “perfectly mixable” games 
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and contains a lot of difficult calculations. An independent proof of Theorem 0 
is given by Azoury and Warmuth in Q. They discuss relative loss bounds in the 
context of density estimation using the exponential family of distributions. 

It is possible to find other new on-line prediction strategies with the method 
of Theorem nj As an example, in Sect. 0 we look at the case of generalized linear 
regression. Here the linear experts are replaced by neurons, i.e., we compare to 
functions M" ^ (p{w-x), w S M", where : IR — >■ IR is a fixed differentiable 

and strictly increasing function. The matching loss is used to measure the loss of 
Learner and the losses of the experts (there is a motivation for using the matching 
loss in 0). Under the assumption that the outcome variable is bounded, we can 
calculate the optimal prediction of Learner for the last trial of a sequence in this 
more general case, too. 

2 Linear Regression with Square Loss 

In this section we calculate the best prediction for Learner in the last trial when 
the outcome variable is bounded and we prove an upper bound on the relative 
loss for linear regression with square loss. 

For a sequence {xi,y\), . . . ,{xt,yt) of instances and outcomes it is easy to 
give a formula for the loss of the “best” linear expert. We use the following 
notation: 



i 



^ ysXs G IR” , 


(4) 


t 

■ al + Xsccj G IR”^” . 


(5) 



S = 1 



Note that for t = 0, 1,2, . . ., At is a positive definite symmetric n x n-matrix 
because al is positive definite and xx^ is a positive semidefinite matrix for all 
X G IR". (For each y G IR": y^{xx^)y = (x ■ y)'^ > 0.) 

Lemma 1. For all t > 0, function f{w) := a||w|p -I- Lt{w) is minimal at a 
unique point, say wt- Furthermore, Wt and f{wt) are given hy 



t 

wt = Af^bt and f{wt) = '^y^-bjAf^bt. 



Proof. From 



f{w) 



-- alltclp -k Lt{w) ® a||w|p + 'p^iVs ~ w ■ x^Y 

t 

aw^w + 'p^{yt- ‘^Vs{w ■ a;^) -k {w^Xs){xJw)) 
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t t 

= (ysXs) + 

S^l S^l 

0,0 \ - 2 9 h ^ A 

= 2 ^ 2 /s - 2 w Ot + w AtW 

s=l 




W 



it follows that V f{w) = 2AtW — 2bt, H f{w) = 2At- Thus / is convex and it is 
minimal if V f{w) = 0, i.e. for w = A^^bt- This shows that Wt = A^^bt and we 
obtain 



f{wt) = f{Ai\) = ^ 2 /? - 2bJ Ai\ + bj A^^AtAi\ = ^ 2 /s" - bj A^^bt 



S = 1 



S = 1 



□ 



In 0, Vovk proposes the AA^ learning algorithm which makes the predic- 
tions 

2/t = 

and shows how these predictions can be computed in time 0{v?) per trial. They 
are very similar to Wt • Xt = bJ A^^xt, the prediction of the expert wt on the 
instance Xt- We will now show that bJ^_iA^^xx is essentially the best prediction 
for the last trial T. For this, let 

( -z, z e {-oo,-Z] , 
clip( 2 ;, Z) := ^ z, z & [-Z, Z] , 

[Z, z G [Z, oo) , 

for z, Z G M., Z > 0. clip(z, Z) is the number in [-Z, Z] that is closest to z. 



Theorem 1. If Learner knows that i/t G [—Y,Y\, then the optimal prediction 
for the last trial T is 

ijT = clip(&J_;^A“^a;T, Y) . 

Proof. Any ?/t G [— T, T] can be chosen by Nature. Thus Learner should choose 
a G IR such that 

sup I Lr( Learner) — inf ( a||tc|p -I- L t(w) ) 

J/tG[-V.V] V ujGH" V / 

C T T 

V(2/t-2/t) -V2/4+&T 

t=l t=l 




is minimal. Because of 






br ^ (& T -1 + Vtxt)^ A j}{bT -I + Vtxt) 



— brp_^Arp bx—i Y 2.y'nbrp_.yArp xr' Y yf^x^p Arp xrp 



-i„ 



„T /i-l. 
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this expression is minimal if and only if (only terms that depend on yx or on yx 
are important) 

sup (^—2yxyx + 2/t + 2yx^-\Aj} xx + yx^x Aj} xx^ 

— sup {ijx{xx AjA xx) + “^yxi^-iAjAxx — yx) + Vx) 

VTel-Y,Y] 



is minimal. Since XxAj,^xx > 0 {AjA is positive definite), we only have to 
consider yx = ~Y and yx = Y . Thus we have to find a ijx for which 

‘2Y\hx_iAj} xx — ?/t| + iix (6) 

is minimal. For yx < b^-\A'^^xx, ® equals 2Y{bAp_^A'^^xx — yT) + yx this 
is minimal at TAm{Y,h^_^A'^^xx) on this domain. For yx > b^_^A7p^xx-, (0 
equals 2Y {yx — b^_-^A7p^xx) + ijx this is minimal at max(— F, b^_^A^^xx) 
on this domain. If bi^_-yA^^xx S [-Y, Y] this obviously implies the assertion. If 
> F, ® is decreasing for yx YY and increasing for ijx > Y. Thus 
is minimal at F. The case bj^_-yAjAxx < — F is similar. □ 

Theorem ^does not show that i/t = clip{bJ_iAj~^xt, Y), t = 1, . . . , T, are the 
optimal predictions over a sequence of T trials when it is known that yi, . . . ,yx 
are bounded by F, because the “best” expert on the first t trials might differ 
from the “best” expert on all T trials. But there are very good relative loss 
bounds for these predictions as we will see in Theorem 0 

A standard application of Theorem 1 results, when the learner knows in 
advance a global upper bound F > 0 on all potential outcomes yt (and thus in 
particular on the last outcome yx) ■ The next result shows that a learner without 
prior knowledge of such a global upper bound F can use a sort of “empirical 
upper bound” without suffering much extra loss. 

Theorem 2. Let 

Fo := 0 , Ft:=max|y^| , t= 1,2,3,... . 

S—1 

For all pt = Pt{xi, . . . ,Xt,yi, ■ ■ ■ , yt-i) G M, t = 1, 2, . . . , T, with the predictions 

yt = clip(pt,Ft_i) 

the loss of Learner on a sequence of T trials is at most by F^ larger than with 
the predictions yt = clip(pt,F) for each Y > Yx-i- 

Proof. We show that for all t £ {1, . . . , T}: 

(j/4 - clip(pt,Fj_i))2 < (j/t - clip(pt,F))2 + (Ft - F(_i)^ . (7) 

From this it would follow that the additional loss is at most 



]{Yt - Ft_i)" < V(Ft - Ft_i) = Y^ 



2 
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Let t G {1, . . . ,T}. If \yt\ < Lt_i, then pt clipped by Yt_i is closer to yt than pt 
clipped by F > Yt_i. Thus 

{yt - clip{pt,Yt-i)f < {yt - clip(pt,F))^ . 

So we can assume that \yt\ > Yt-i. Then \yt\ = Yt. If clip(pt, Yt_i) = clip(pt,F), 
(0 is obvious. Assume that clip(pt, Yt_i) ^ clip(pt,F). Thus |clip(pt, yt_i)| = 
Yt-\. If yt and pt have the same sign then 

{yt - clip(pt,Ft_i))2 = {Yt - . 



Otherwise 



{yt - clip{pt,Yt-i)f = {Yt + |clip(pt,Yt_i)|)^ 

< {Yt + \dip{pt,Y)\)^ = {yt - clip{pt,Y)f . 



□ 



Even without clipping the bJ_iA^^xt (not clipping them means that the loss 
of Learner (Learner) will only increase, but has the advantage that Learner 
does not need to know F), there is a very good upper bound on the relative loss. 
To show this, we need the following lemma: 

Lemma 2. For all t >1: 



A(_i A( A( xtXt Aj — {xt xtXt 

Proof. From the equality At — At-i = XtxJ we get 

^t-i ~ ~ -^t-i^t^t A^ , 

Af\-Af^ = Af^xtxjAf\ . 

Thus 



Ar_i- 

® (A-_\ - Af^)xtxjAf^ 
® Af^xtxJ Af\xtxJ Af^ 



( 8 ) 

( 9 ) 



□ 



Theorem 3 ([6j, Theorem 1). If Learner predicts with yt = bJ_lA^ ^xt for 
1 <t <T and if the outcome variables yi, . . . ,yr are bounded by Y > 0, then 



Lt (Learner) < inf 
ujGIR" 



(a||u;f + Lt(w)) 



) + F^ In 


1 , 

— A.X 


/ 


a 
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Proof. For 1 < t < T we have 

{yt-ytf+ inf (allwf + Lt-iM) - inf (a|kf + ^*(^«)) 

'^~=^-2y,y. + S? - bJ_,AT\b,.^ + bj A^'b, 

— — Xf + bf_iAf XfXf^ Af 6t_i — i 

+{bt-i + ytXt)^ ^{bt-i + ytXt) 

~ bt-i{^t XfXf — A^_j^ + A^ )bt-i + j/( x^ A^ Xt 

Lemma 

= yt^t -^t ~ (Xf Af_2^xt)yt 

< Y^xtAf^xt ■ 

Summing over t G {1, . . . ,T} and using (QJ gives 

T 

Lt (Learner) — inf (a||w;|p + Lt(w;)') <Y^\^ XtAf^Xt ■ 



Because of In | f 7lo| = 0, it now suffices to show that for t G {1, . . . , T}: 



x]A^ ^xt < Inp^^ . 

We first show that xj Af^^Xt < 1. This is trivial for xt = 0. For xt ^ 0, it is 
obtained from the following calculation: 

{xj Af^xt)'^ = xj Af^xtxJ Af^xt ^ xj Af^{At - At-i)Af^xt 
= xj Af^xt - xj Af^At^iAf^xt < xj Af^xt ■ 

'' V ^ 

>0 



There is a symmetric, positive definite matrix A G IR"^" such that At = AA. 
Let ^ := A~^xt- Thus Xt = Af. From = xJ Af^xt < 1 we know that I — 
is positive definite and we get 

n n 

, (10) 

2=1 2=1 



where the first inequality holds because the determinant of a positive semidefinite 
matrix is bounded by the product of the entries on the diagonal of the matrix 
(e.g., see 0, Theorem 7 in Chapter 2). It follows that 



„T ^-1 



(Cni 



A Xt = C i < In 



\I-^C 



= ln 



\AA-A^^^A\ 



iln 



^t- 



t-l 



□ 
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Vovk gives the following upper bounds on the term In in |E|' 




where, for the first inequality, again Pj, Chap. 2, Theorem 7 is used, and where 
we assume that < X for t G {1, . . . , T}, i £ n}. 



3 Generalized Linear Regression 

In generalized linear regression we consider the same protocol of interaction 
between Nature and Learner as before, but now expert w G M" makes the pre- 
diction ip(w-x) on an instance x G IR", where : IR — >■ IR is a strictly increasing, 
differentiable function. Now the losses are measured with the matching loss 

rv~^(v) 

L^{y,y) ■■= / - y)dr 

rv~^{v) 

= ‘fir) dr + y(fi~\y) - yip~\y) 

for ?/, y in the range of (see Fig. Q. Examples of matching loss functions are the 
square loss {(p = idiR, L^{y, y) = \{y — yY) and the entropic loss {p{z) = , 

Lifi{y, y) = yin I -I- (1 — y) In Note that in the case of square loss {p = idjR) 
all losses in this section differ by a factor of ^ from those in Sect. 0 This was 
not harmonized because in Sect. 0 we wanted to use the same definitions as in 
0, and in Sect. 0we want to use the common definition of the matching loss. 



( 11 ) 

( 12 ) 







Fig. 1. The matching loss function 
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The loss of Learner and the loss of expert w G M" are now defined as 

t t 

L<^,t(Learner) = = '^L^{ys,(p{w ■ Xs)) ■ 

S=1 S=1 



Lemma 3. For all t > 0, function f{w) := §||ta|p + L^^t{w) is minimal at a 
unique point, say wt- Wt is differentiable in yt and we have 



dwt 

dyt 



■ xt > 0 



(13) 



Let 



Then 



1 

Hz) -.= --zip{z) + j ip{x)dT , z e IR , 

t 

rt'-^{^WfXs-HwfXs)'^ ■ 

s=l 



(Learner) 



inf 





(/?(t) dr 



VsT ^iVs) 



+ H 



(14) 



and 



m 

dyt 



= Wt ■ Xt 



(15) 



The proof of Lemma |3 is omitted here. We need one more small Lemma. 



Lemma 4. Let /, g : IR — >■ IR be differentiable, convex functions with f'{z) > 
g' (yz) for all z G IR. Lf there are numbers Y~ < Y~^ , Z G R such that f is 
minimal at Y~ , g is minimal at Y^ and f{Z) = g{Z), then h := max(/, 5 ) is 
minimal at 



(y- , 


z G (-00, y- 


ciip(z,r-,y+):= z , 


zg [y,y+] 




zg |y+,oo) 



Proof. Because of f{z) > g'{z) for z G IR and because of f{Z) = g{Z), we have 



h{z) 



g{z) , z < Z , 
/(z) , z > Z . 



If Z G [Y~ ,Y~^], then h is decreasing on (— 00 , Z] (because g is decreasing there) 
and h is increasing on [Z, 00 ) (because / is increasing there). Thus h is minimal 
at Z. If Z < Y~ then h is decreasing on (— 00 , Y~] (because both / and g are 
decreasing there) and h is increasing on [y~,oo) (because / is increasing there). 
Thus h is minimal at Y~ . The case Z > F+ is very similar to the case Z < Y~ . 

□ 
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Now we are ready to calculate the best prediction yx for the last trial T when 
it is known that yx G \Y~ ,Y^]. 

wx and Fx are functions in x\, . . . , xx, ?/i, • • • , Ut- If only x\, . . . ,xx and 
2/1, , yx-i are known (which is the case when Learner makes the last prediction 
yx), we write wx = wx{yx), = rx{yx)- 

Theorem 4. Let Y~ < T+ be in the range of ip. As a function of yx, 
sup ( (Learner) - inf ( + L(^,t(w) ) ) 

Vt(^[Y-,Y+] \ u;GlR" \l J ) 

is minimal for 

yx = clip - Y~ J wxiyr) ■ xx dy^ ,Y~ ,Y^ . 

Proof. From m and US) it follows that 
d 



dyx 



|^L<^,r(Learner) - + L^,t{w)'^ 



^3 _l/« N 

= Wx-xx-p) (yx) 



_d d_ 

dyx dyx 



L^,T(Learner) - 



dwx 

dyx 



d 

■ Xx > 0 . 



Thus, for fixed yx, II 1 411 (with t = T) is maximal for yx = Y or for yx = T+. 
So we have to find a yx such that 



rv ^(vt) 



(/?(t) dr + max - y ip ^{yx) + rT(Y ),-Y+ip ^(yx)+rx 
= max i^f(ip~'^(yx)),g(g^~^(yT))') 



with 



f(z)= f if(T)dT-Y z + Fx(Y ), f'(z) = ip(z) -Y , 

do 

g(z)= f ip(r)dT -Y+Z + Fx(Y+) , g' (z) = ip(z) - Y+ , 

Jo 

is minimal. / and g are equal if —Y~ip~^(yx) + Fx{Y~) = —Y~^ip~^(yx) + 
Fx(Y+), i.e., if 

1 



^(yx) = 



rx(Y+) - Fx(Y-) 



dFx 



Y+ - Y- 



dyx 



Y+ -Y- Jy- dyx 

d 1 r" 

- r- Jy^ 

Because of Lemma0 (/ is minimal at ip~^{Y~), g at V3“^(T+)) this implies the 
assertion. □ 



Wx ■ Xx dyx ■ 
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Like in Theorem |3 it might be a good idea to use the predictions 



yt = clip 




where = max*^]^ j/g, 
comes yt are known. 



f + 

Yt~ 



1 

-^1 




wt ■ xt dyt 



,y: 




= min*^]^ ys when no bounds Y , Y~^ on the out- 



4 Conclusion 



We have shown that Vovk’s prediction rule is essentially characterized by the 
property that it minimizes the maximal extra loss (compared to the best off-line 
expert) that might be suffered in the last trial (Theorem[H). For the sake of sim- 
plicity, let’s call this the minmax-property. Note that instead of first inventing 
the learning rule and then proving Theorem ^ one could have gone the other 
direction. The calculus applied in the proof of Theorem Q] will then lead auto- 
matically to Vovk’s rule. This is precisely the line of attack that we pursued in 
Section 13 There, we considered the (much more involved) generalized regression 
problem. In order to find a good explicit candidate prediction rule, we tried to 
find the rule implicitly given by the minmax-property. This finally has lead to 
the rule given in Theorem 2] 

It is straightforward to ask whether this rule has (provably) good relative loss 
bounds. In other words, we need the analogue of Theorem 3 for the generalized 
regression problem. As yet, we can show that 



rt(v+)-rt(v-) 



< 



Y+-Y- 



^ Y+rt{Y-)-Y-rt{Y+) ^ 

V>{t) dr+ y+_y_ Yt-i 



(16) 



for all t. By summing over t G {1,...,T} we get a bound on the relative loss 
over the sequence of T trials. Thus upper bounds on the terms on the right hand 
side of m would be very interesting. 
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Abstract. We consider a variant of P-systems, a new model for compu- 
tations using membrane structures and recently introduced by Gheorghe 
Paun. Using the membranes as a kind of filter for specific objects when 
transferring them into an inner compartment turns out to be a very po- 
werful mechanism in combination with suitable rules to be applied wit- 
hin the membranes. The model of generalized P-systems, GP-systems 
for short, considered in this paper allows for the simulation of graph 
controlled grammars of arbitrary type based on productions working on 
single objects; for example, the general results we establish in this paper 
can immediately be applied to the graph controlled versions of context- 
free string grammars, n-dimensional ^-context-free array grammars, and 
elementary graph grammars. 



1 Introduction 

One of the main ideas incorporated in the model of P-systems introduced in 
P] is the membrane structure (for a chemical variant of this idea see consi- 
sting of membranes hierarchically embedded in the outermost skin membrane. 
Every membrane encloses a region possibly containing other membranes; the 
part delimited by the membrane labelled by k and its inner membranes is called 
compartment k. A region delimited by a membrane not only may enclose other 
membranes but also specific objects and operators, which in this paper are con- 
sidered as multisets, as well as evolution rules, which in generalized P-systems 
(GP-systems) as introduced in this paper are evolution rules for the operators. 
Moreover, besides ground operators the most important kind of operators are 
transfer operators (simple rules of that kind are called travelling rules in [TTlj ) 
allowing to transfer objects or operators (or even rules) either to the outer com- 
partment or to an inner compartment delimited by a membrane of specific kind 
with also checking for some permitting and/or forbidding conditions on the ob- 
jects to be transferred (in that way, the membranes act as a filter like in test 
tube systems, see jSl). In contrast to the original definition of P-systems we do 
not demand all objects to be affected in parallel by the rules; the proofs of the 
results established so far in various papers on P-systems, see and PI, 

show that only bounded parallelism is needed. Moreover, we also omit the fea- 
ture of priority relations on the rules, because this feature can be captured in 
another way by using the transfer conditions in the transfer operators. 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 281-^^^ 1999. 

(c) Springer- Verlag Berlin Heidelberg 1999 
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In the following section we shall give a general defintion of a grammar and 
then we define the notions of matrix grammars and graph controlled grammars in 
this general setting. In the third section we introduce our model of GP-systems, 
and in the fourth section we establish our main results showing that GP-systems 
allow for the simulation of graph controlled grammars of arbitrary type based 
on productions working on single objects; we also elaborate how these results 
can be used to show that graph controlled context-free string grammars, graph 
controlled n-dimensional ^-context-free array grammars, and graph controlled 
elementary graph grammars can be simulated by GP-systems using the cor- 
responding type of objects and underlying productions. An outlook to future 
research topics concludes the paper. 

2 Definitions 

First, we recall some basic notions from the theory of formal languages (for more 
details, the reader is referred to 0). 

For an alphabet V, by V* we denote the free monoid generated by V under 
the operation of concatenation; the empty string is denoted by A, and P* \ {A} 
is denoted by V~^ . Any subset of P+ is called a X-free (string) language. 

A (string) grammar is a quadruple G = (P/v, Pr, P, S), where Vn and Vr are 
finite sets of non-terminal and terminal symbols, respectively, with Vn H Pt = 0, 
P is a finite set of productions a — >■ /3 with a S P+ and (3 G V*, where P = 
Pjv U Pr, and S G Vn is the start symbol. For x,y G V* we say that y is directly 
derivable from x in G, denoted by x =>g U, if and only if for some a — >■ /3 
in P and u,v G V* we get x = uav and y = u(3v. Denoting the reflexive and 
transitive closure of the derivation relation =^g by fbe (string) language 

generated by G is L{G) = {w G Vf \ S =>q w}. A production a — >■ /3 is called 
context-free, if a G Vn- 

In order to prove our results in a general setting, we use the following general 
notion of a grammar: 

A grammar is a quadruple G = {B, Bt, P, A), where B and Bt are sets 
of objects and terminal objects, respectively, with Bt C P, P is a finite set 
of productions, and A G B is, the axiom. A production p in P in general is a 
partial recursive relation Q B x B, where we also demand that the domain of 
p is recursive (i.e., given w G P it is decidable if there exists some v G B with 
{w, v) G p) and, moreover, that the range for every w is finite, i.e., for any w G B, 
card ({u G P | {w, v) G p}) < oo. As for string grammars above, the productions 
in P induce a derivation relation =>g on the objects in P etc. The language 
generated by G is L{G) = {w G Bt \ A w}. 

For example, a string grammar (Vn,Vt, P, S) in this general notion now is 
written as ((Pat U Pr)* ,Vt,P, S) . 

2.1 Control Mechanisms 

In the following, we give the necessary definitions of matrix and graph controlled 
grammars in our general setting. For detailed informations concerning these 
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control mechanisms as well as many other interesting results about regulated 
rewriting in the theory of string languages, the reader is referred to j2j- 

A matrix grammar is a construct Gm = {B, Bt, {M, F) , A) where B and Bt 
are sets of objects and terminal objects, respectively, with Bt Q B, A G B is the 
axiom, M is a finite set of matrices, M = {mi | 1 < i < n}, where the matrices 
mi are sequences of the form mi = (m^ i, . . . , Ui > 1, 1 < i < n, and 

the mi j, 1 < j < Hi, 1 < i < n, are productions over B, and A is a subset of 

For mi = (wip, . . . ,mi^m) and v,w G B we define v =^mi w if and only 
if there are wo,wi, . . . ,Wm € B such that wq = v, Wm = w, and for each 
j, 1 < j < ni, 

— either wj is the result of the application of mij to Wj-i, 

— or mij is not applicable to Wj-i, Wj = Wj-i, and mij G F. 

The language generated by Gm is 

L (Gm) = [w G Bt\ a =^mi^ Wi... =^mi^ Wk = w, 

Wj G B, mi^ G M for 1 < j < fc} . 

If A = 0 then Gm is called a matrix grammar without appearance checking. Gm is 
said to be of type X if the corresponding underlying grammar G = {B, Bt, P, A ) , 
where P exactly contains every production occuring in some matrix in M, is of 
type A. 

A graph controlled grammar is a construct Gc = {B, Bt, {R, Lin, Lfm) , A); 
B and Bt are sets of objects and terminal objects, respectively, with Bt Q B, 
A G B is the axiom; i? is a finite set of rules r of the form 
{I (r) : p (I (r)) , cr (I (r)) , (p {I (r))), where I (r) G Lab (Gc), Lab (Gc) being a set 
of labels associated (in a one-to-one manner) to the rules r in R, p {I (r)) is a pro- 
duction over B, a (Z (r)) C Lab (Gc) is the success field of the rule r, and p (Z (r)) 
is the failure field of the rule r; LinGLab {Gc) is the set of initial labels, and 
LfinQLab (Gc) is the set of final labels. For r= (Z(r) : p (Z (r)) , a (Z (r)) , p (Z (r))) 
and v,w G B we define {v, I (r)) =^Cc ^) if only if 

— either p (Z (r)) is applicable to v, the result of the application of the produc- 
tion p{l{r)) to V is w, and k G u (Z (r)), 

— or p {I (r)) is not applicable to v, w = v, and k G p(l(r)). 

The language generated by Gq is 

B {Gc) = {w G Bt \ {A, Zq) =^Cc {wi,h) =^Cc ■ ■ ■ {"^k, h) , k> 1, 

Wj G B and Ij G Lab (Gc) for 0 < j < k, 

'^k ~ ^0 ^ Lin, ^ Ljin\ • 

If the failure fields p {q) are empty for all q G Lab, then Gc is called a graph 
controlled grammar without appearance checking. Gc is said to be of type X if 
the corresponding underlying grammar G = {B, Bt, P, A), where 
P — {p{<l) I 9 G Lab} is of type X. 
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3 Generalized P-Systems (GP-Systems) 

In this section we quite informally describe the model of generalized P-systems 
discussed in this paper. Only the features not captured by the original model of 
P-systems as described in p] and [Z] will be defined in more details. 

The basic part of a (G)P-system is a membrane strueture consisting of several 
membranes placed within one unique surrounding membrane, the so-called skin 
membrane. All the membranes can be labelled in a one-to-one manner by natural 
numbers; the outermost membrane (skin membrane) always is labelled by 0. In 
that way, a membrane structure can uniquely be described by a string of correctly 
matching parentheses, where each pair corresponds to a membrane. For example, 
the membrane structure depicted in Figure El which within the skin membrane 
contains two inner membranes labelled by 1 and 2, is described by [o[i]i[ 2 ] 2 ]o- 
FigureQalso shows that a membrane structure graphically can be represented by 
a Venn diagram, where two sets can either be disjoint or one set be the subset of 
the other one. In this representation, every membrane encloses a region possibly 
containing other membranes; the part delimited by the membrane labelled by 
k and its inner membranes is called eompartment k in the following. The space 
outside the skin membrane is called outer region. 

Informally, in jOj and [71 P-systems were defined as membrane structures con- 
taining multisets of objects in the compartments k as well as evolution rules for 
the objects. A priority relation on the evolution rules guarded the application of 
the evolution rules to the objects, which had to be affected in parallel (if possi- 
ble according to the priority relation) . The output was obtained in a designated 
compartment from a halting configuration (i.e., a configuration of the system 
where no rules can be applied any more). 

A generalized P- system (GP-system) of type A is a construct Gp of the 
following form: 



Gp = {B,BT,P,A,fz,GO,RJ) 



where 

— {B, Bt, P, A) is a grammar of type A; 

— /r is a membrane structure (with the membranes labelled by natural numbers 

0, . . . , p) , 

— I = [Iq, where Ik is the initial contents of compartment k containing 

a (finite) multiset of objects from B as well as a (finite) multiset of operators 
from O and of rules from R] we shall assume A G Jq in the following; 

— O is a finite set of operators (which will be described in detail below); 

— i? is a finite set of (evolution) rules of the form (opi, ..., opk] op'i , ..., op'^) with 
k > 1 and m > 0, where opi, ..., opk, op[, ..., op'^ are operators from O; 

— / G {1, ...,p} is the label of the final compartment; we shall always assume 
If = % and Rf = 0. 

The main power of GP-systems lies in the operators, which can be of the 
following types: 
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— P Q O, i.e., the productions working on the objects from B are operators; 

— Oq C O, where Oq is a finite set of special symbols, which are called ground 
operators; 

— Trim C O, where Trm is a finite set of transfer operators on objects from B of 

the form E,F) , I < k < n, E C F C P; the operator {Tin^k, E, F) 

transfers an object w from B being in compartment m into compartment k 
provided 

1. region m contains membrane k, 

2. every production from E could be applied to w (hence, E is also called 
the permitting transfer condition), 

3. no production from F can be applied to w (hence, F is also called the 
forbidding transfer condition); 

— Trout C O, where Trout is a finite set of transfer operators on objects from B 
of the form {Tout, E,F) ,1 <k <n, E C P, F C P; the operator {Tout, E, F) 
transfers an object w from B being in compartment m into compartment k 
provided 

1. region k contains membrane m, 

2. every production from E could be applied to w, 

3. no production from F can be applied to w; 

— Tr{o, ^ O, where Tr'„ is a finite set of transfer operators working on opera- 
tors from P, Oq, Trim E^nd Trout or even on rules from R; a transfer operator 
Tin,k moves such an element in compartment m into compartment k provided 
region m contains membrane k; 

— Tr'out C O, where Tr'^^^ is a finite set of transfer operators working on opera- 
tors from P, Oq, Trim E^nd Trout or even on rules from R; a transfer operator 
Tout transfers such an element in compartment m into the surrounding com- 
partment. 

In sum, O is the disjoint union of P, Oq, and Tr, where Tr itself is the 
(disjoint) union of the sets of transfer operators Trin, Trout, Tr{^, and Tr'^^^. In 
the following we shall assume that the transfer operators in Tr{^, and Tr'^^^ do 
not work on rules from R; hence, the distribution of the evolution rules is static 
and given by I. If in all transfer operators the permitting and the forbidding 
sets are empty, then Gp is called a GP-system without transfer checking. 

A computation in Gp starts with the initial configuration with R being the 
contents of compartment k. A transition from one configuration to another one 
is performed by evaluating one evolution rule {opi , ..., opk', op'i , ..., op^) in some 
compartment fc, which means that the operators opi, opk, are applied to 
suitable elements in compartment k in the multiset sense (i.e., they are “consu- 
med” by the usage of the rule; observe that ground operators have no arguments 
and are simply consumed in that way); thus we may obtain a new object by 
the application of a production and/or we may move elements out or into inner 
compartments by the corresponding transfer operators; yet we also obtain the 
operators op'i, ..., op^ (in the multiset sense) in compartment k. 

The language generated by Gp is the set of all terminal objects w £ Pp 
obtained in the terminal compartment / by some computation in Gp. 
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To give a first impression of the facilities offered by GP-systems we consider a 
simple example of a GP-system generating the non-context-free string language 
Li = {a”6’"c" I n > 1} : 

Example 1. The string language Li can be generated by the regular matrix 
grammar with axiom (without ac) 

Gm = ({^, B, C, a, b, c}* , {a, b, c}* , ({to, to'} , 0) , ABC) with 
TO = [pi,P2,P3] , Pi= A^ aA, p 2 = B ^ bB, p 3 = C ^ cC, 
m' = [p'i,P2,P3] ,p'i=A^a,p '2 = B^ b, p'^ = C ^ c. 

Obviously, for any n > 1, from the axiom ABC we obtain Ab'^~^ Bd^~^C 
by applying (n — 1) times the matrix to and finally by once applying 

matrix to'. This regular matrix grammar with axiom can easily be simulated by 
a GP-system whose main ingredients are depicted in Figure ^ 




Fig. 1. Membrane structure with rules and initial objects and operators 



Within the skin membrane we start with the axiom ABC as the initial ob- 
ject and the ground operator q] we now can either choose {q]P\, (to,i,0,0)) or 
{q',p'i, (top,0,0)) from the rules available in the compartment delimited by the 
skin membrane labelled by 0. Using {q',pi, (to,i,0,0)) yields the transfer opera- 
tor (to,i,0, 0) , which allows us to transfer the current string, in general being 
of the form d^~'^Ab'^-^Bc^-^C for some n > 1, into the compartment sur- 
rounded by the membrane labelled by 1. By applying (rop,0,0) we now gain 
the transfer operator to,i which allows us to transfer the production pi into 
this compartment 1, too, by applying the rule (rop;). In compartment 1, by 
using the rules (pi;p 2 ) , (P 2 ',P 3 ) , and {p3;q,{Tout,^,9)) sequentially we obtain 
the string a'^Ab^Bc^C as well as the ground operator q and the transfer ope- 
rator (Tout, 0, 0) , which then transfers the string out into the skin compartment 
through the rule ((rout, 0, 0) ; Tout), simultaneously yielding the tranfer operator 
Tout, which finally transfers q, too, by the rule {Tout ', ) ■ 
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In a similar way, after having applied {q]p'i, (to,!, 0, 0)) in the skin compart- 
ment, in the inner compartment 1 we obtain from C by 

sequentially using the rules (piiPa) , , and (pg; (ro. 2 , 0, 0) , {.Tout, 0, 0)) • In- 

stead of the ground operator q now the transfer operator (to, 2 , 0 , 0 ) is generated 
and moved out into compartment 0, where according to the rule {{tq^ 2 , 0 ; 0 ) ! ) it 
transfers the terminal string into the terminal compartment 2. □ 

The example given above already indicates how matrix grammars could be 
simulated by GP-systems. In general, the productions in the matrices need not 
all be different as in this example, hence, usually we will have to use different 
compartments for the application of different matrices. In the proof of Theorem|21 
we will exploit this idea for showing how GP-systems can simulate graph con- 
trolled grammars when using only rules of the form {opi;op2, ■■■,opk) for some 
k > 1, which corresponds to some kind of context-freeness of rules, because opi 
is applied without checking for the applicability of other operators. 



4 Results 

The main result of this paper is to show how graph controlled grammars of 
arbitrary type can be simulated by GP-systems of the same type. The following 
result covers the case where also a kind of “context-sensitive” rules is taken into 
account . 

Theorem 1. Any graph controlled grammar of arbitrary type can be simulated 
by a GP-system of the same type with the simple membrane structure [o[i]i [2]2]o- 

Proof. Let Gc = {B,BT,{R,Lin,Lfin),A) be a graph controlled grammar of 
type X and G = {B, Bx, P, A) be the corresponding underlying grammar of type 
X with P = {p{q) \ q G Lab} . The main ingredients of the GP-system Gp of 
type X generating the same language as Gc can be described in the following 
way (the complete formal description of Gp is obvious and therefore omitted): 

— For each q £ Lab, in compartment 0 we take the following rules: 

For the success case, we use the rules (g; 0, 0)) , ((rm^, 0, 0) ; Tin,i) 

and {Tin.i',) to transfer the current sentential form as well as the ground 
operator which represents the actual node in the control graph, into 
compartment 1. 

For the failure case, where p{q) is not applicable to the current sentential 
form, we use (g; g*, 0, {p (g)})) as well as ((ri„,i, 0, {p (g)}) ; (and 

again {Tin.i',)) for the transfer of the current sentential form and the gro- 
und operator g* . The non-applicability of p (g) is checked by the forbidding 
condition {p (g)} in the transfer rule (ri„^i, 0, {p (g)}) . 

— In compartment 1 we take the following rules for each g £ Lab: 

The rules g*^^\p (g)) and (g(^\p (g) ; a, (ro„t, 0, 0)) with a £ cr (g) gua- 
rantee the simulation of the application of the production p (g) to the under- 
lying sentential form as well as the proceeding in the control graph to a node 
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in the success field of g; the rules {{Tout, 0, 0) ; Tout) and {Tout ] ) then transfer 
the result of the application of p{q) as well as a into the skin compartment 
again. 

In the failure case, we only have to proceed in the control graph to a 
node in the failure field of q, which is accomplished by one of the rules 
(g*; /3, {Tout, 0 , 0)) for /3 G (g); the transfer back into compartment 0 again 
is performed by the rules {{Tout, 0, 0) ; Tout) and {touu)- 
— The initial configuration starts with the axiom A and a special ground ope- 
rator go, go ^ Lab, in compartment 0. By using one of the rules (go;g) for 
g G Lin we can proceed to a starting node in the control graph. 

~ For any g G Lfin we take the rule (g; {Tin,2,9, 0 )) ; the application of the rule 
{{Tin, 2 , 9, 9) ] ) finally transfers a terminal object into the terminal compart- 
ment 2. □ 

As it is obvious from the proof given above, the use of forbidding transfer 
conditions in the operators moving the underlying objects is only needed for 
simulating the ac-case. In fact, we only need the skin compartment to simulate 
the derivations of a graph controlled grammar without ac: For every g G Lab, 
we just take evolution rules of the form {q,p{q) ; a,p{a)) with a € a {q) . Hence, 
we immediately infer the following result: 

Corollary 1. Any graph controlled grammar without ac of arbitrary type can be 
simulated by a GP-system without transfer checking of the same type with the 
simple membrane structure [o[i]i]o- 

When we only allow “context-free” rules of the form {op\]op 2 , ■■■,opk) for 
some fc > 1, then we need a seperate compartment for every node of the control 
graph: 

Theorem 2. Any graph controlled grammar of arbitrary type with the control 
graph containing n nodes ean be simulated by a GP-system of the same type 
with the membrane structure [o[i]i---[n]n[n-i-i]n-i-i]o o,nd rules of the forms {opp,) , 
{opi]op 2 ), and {opi]op 2 ,op 3 ). 



Proof. The main ingredients of the GP-system Gp of type X generating the same 
language as the graph controlled grammar Gc, Gc = {B, Bt, {R, Lin, Lfin) , A) , 
of type X with card {Lab) = n are described as follows: 

— For each g G Lab, in compartment 0 we take the following rules: 

For the success case, we use the rules (g; g^^\ {Tin,q, 0 , 0 )) j {{Tin,q, 0 , 0 ) ; Tin,q) 
as well as {Tm,q ] ) to transfer the current sentential form as well as the ground 
operator g*-^^ into the corresponding compartment g. For the failure case, 
we now use (g; g*, {nn,q, 0, {p (g)})) as well as {{nn,q, 0, {p (g)}) ; Tin,q) (and 
again {Tin,q ] )) for the transfer of the current sentential form and the ground 
operator g* into compartment g. The forbidding condition {p(g)} in the 
transfer rule {Tm,q, 0, {p (g)}) checks for the non-applicability of p (g). 
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— For each q S Lab, in compartment q we take the following rules: 

The rules {q^^^',p{q)) and (p ( 9 ) ; a, (rout, 0, 0)) with a G a (q) allow for the 
simulation of the application of the production p{q) to the underlying sen- 
tential form as well as to proceed to a ground operator a representing a 
node in the success field of q in the control graph; the rules ((Tout, 0 , 0 ) ; Tout) 
and (Tout ; ) then transfer the result of the application of p (q) as well as 
a back into the skin compartment. The failure case again is accomplished 
by one of the rules (q*',/3, (rout, 0 , 0 )) for j3 G p(q) (as well as by the rules 

((Tout , ^ , ^) , Tout) and (Tout,))- 

— The axiom A and the special ground operator q^, go ^ Lab, constitute the 
initial configuration in compartment 0. The rules (qo; q) for q G L^ allow us 
to proceed to a starting node in the control graph. 

— For any q G the rules (g; 0, 0)) and ((ri„,„+i, 0, 0) ; ) finally 

transfer a terminal object into the terminal compartment n -I- 1. 

In contrast to the GP-system constructed in the preceding theorem, now the 
GP-system Gp can simulate the application of a production p (q) at the node g 
in the control graph of Gc only by using a specific compartment g for each q.D 

Corollary 2. Any graph controlled grammar without ac of arbitrary type with 
the control graph containing n nodes can be simulated by a GP-system with- 
out transfer checking of the same type with the membrane structure [o[i]i... 
[n]n[n+i]n+i]o, and rules of the forms (opi;), (opi,op 2 ), and (opi;op 2 ,opz). 

The general results proved above immediately apply for the string case, but as 
well for the objects being d-dimensional arrays and (directed) graphs, which will 
be elaborated in the following subsections. Moreover, in the ac-cases considered 
there, the graph controlled grammars can be constructed in such a way that only 
terminal objects from Bp have been derived when in a derivation a final node 
from Lfin is reached; hence, the results obtained in the terminal compartments 
of the GP-systems constructed in the proofs above are from Bp only, i.e., in this 
case no final intersection with Bp is necessary any more. 

4.1 String Languages 

As shown in P], context-free graph controlled string grammars can generate 
any recursively enumerable string language. The theorems proved above show 
that GP-systems using these context-free string productions can generate any 
recursively enumerable string language, too. 

4.2 Array Languages 

Let Z denote the set of integers and let d G N. Then a d-dimensional array A 
over an alphabet P is a function A : Z‘^ ^ V U {#}, where shape(A) = { u G 
W I A(v) ^ ff} is finite and ff ^ V is called the background or blank symbol. We 
usually shall write A — {(u, A(u)) | v G shape(A)}. The set of all d-dimensional 
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arrays over V is denoted by V*‘^. The empty array in V*‘^ with empty shape is 
denoted by Ad- Moreover, we define = V*^ \ {Ad}. Any subset of V~^'^ is 
called a A- free d-dimensional array language. 

The translation Ty : Z‘^ ^ Z‘^ is defined by Ty{w) = w + v for all w G Z‘^, and 
for any array A G V*‘^ we define the corresponding d-dimensional array 

translated by v, by 



(vy (M)) (w) = A{w — v) for all w G Z‘^. 

A d-dimensional array production p over M is a triple (W,Ai,A 2 ), where 
W C is a finite set and Ai and A 2 are mappings from W to V A {#} 
such that shape{A\) 0; p is called ^-context-free, if card {shape {Ai)) = 1. 
We say that the array C 2 G V*^ is directly derivable from the array Ci G 
by the d-dimensional array production (W, ^ 1 ,^ 2 ) if and only if there exists 
a vector v G Z'^ such that C\ {w) = C 2 (w) for all w G Z‘^ \ Ty {W) as well as 
Cl (u>) = Ai ( t _„ (w)) and C 2 (w) = A 2 (r-y (w)) for all w G Ty {W), i.e., the 
sub-array of Ci corresponding to A\ is replaced by A 2 , thus yielding C 2 . 

Based on these definitions of d-dimensional array productions we can define 
d-dimensional array grammars, graph controlled d-dimensional array grammars 
etc. As was shown in 0, any recursively enumerable two-dimensional array lan- 
guage can even be generated by a graph controlled ^-context-free two-dimen- 
sional array grammar without ac. Hence, Corollaries E and |2| apply showing 
that any recursively enumerable two-dimensional array language can even be 
generated by a GP-system without transfer checking using ^-context-free two- 
dimensional array productions. The same result holds true for dimensions 1 and 
3, too. For d > 4, we only know that graph controlled ^;^-context-free d-dimen- 
sional array grammars can generate any recursively enumerable d-dimensional 
array language; hence, at least Theorems ^ 0 are valid showing that recur- 

sively enumerable d-dimensional array languages can be generated by specific 
GP-systems using ^-context-free d-dimensional array productions. 



4.3 Graph Languages 

As shown in 0, any recursively enumerable graph language can be generated 
by a corresponding graph controlled graph grammar using only the following 
elementary graph productions: 

1. add a new node with label AT; 

2. change the label of a node labelled by K to L; 

3. delete a node with label AT; 

4. add a new edge labelled by a between two nodes labelled by K and M; 

5. change the label a of an edge between two nodes labelled by AT and M to 6; 

6. delete an edge labelled by a between two nodes labelled by K and M. 

According to the theorems proved above, GP-systems using these elementary 
graph productions can generate any recursively enumerable graph language, too. 
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5 Summary and Future Research 

The model of GP-systems investigated in the preceding sections has revealed 
great generative power with respect to arbitrary types of productions working 
on single objects. Yet among others, the following questions remained open: 

— Is the hierarchy with respect to the number of inner membranes needed in 
the proof of Theorem 21 infinite or is there another proof showing that it 
collapses at a certain level? This question can be asked in general or for 
special types of grammars, e.g., for context-free string grammars. 

— The effect of the permitting conditions in transfer operators corresponds 
with the permitting context condition in random context grammars (see | 2 |). 
Hence, in a similar way as in the proofs of Theorems E and El we can show 
that permitting random context grammars can be simulated by GP-systems 
with permitting transfer conditions of the same type. 

— What is the generative power of GP-systems without ground operators and 
transfer operators working on them, i.e., when the only operators we allow 
are productions on objects and transfer operators to be applied to objects? 
Again we can ask this question in general or for special types of grammars. 
For example, in the string case (with at least context-free productions) the 
ground operators representing control variables can be encoded within the 
sentential forms; hence, at least in combination with the permitting and 
forbidding conditions in transfer operators moving objects GP-systems can 
reach the power of graph controlled string grammars again. A similar result 
can be established for graph controlled ^-context-free d-dimensional array 
grammars and graph controlled elementary graph grammars, too. In all these 
cases, the proofs are much more complicated than the pure structural proofs 
of Theorems Q] and El 

As already pointed out in [71 , the idea of membrane structures offers a nearly 
unlimited variety of variants. Hence, this paper can be seen as a starting point 
for further investigations in this field of generalizing the idea of P-systems and 
the investigations of their modelling power. Let us mention just a few ideas to 
be considered in the future: 

— In the proofs given above we have not made use of the possibilty to transfer 
productions working on the underlying objects or even transfer operators 
themselves as we did in Example 1, i.e., we only transferred ground operators 
and objects. Yet it might be interesting to use these features in general, too, 
and to investigate how the usage of other characteristic features can be 
reduced while still getting remarkable generative power. 

— In this paper we have only considered the “sequential variant” of a GP- 
system, where in each derivation step only one evolution rule is evaluated. 
Yet we could also allow an arbitrary number of evolution rules to be evaluated 
in one step or we could even consider the forced “parallel variant” of a GP- 
system, where in each derivation step as many evolution rules as possible in 
all compartments have to be evaluated in parallel. 
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— Additional interesting features to be considered with GP-systems, which 
were already discussed for P-systems in 0 , are the deletion and the genera- 
tion of membranes. 

— How can GP-systems using productions of a more complicated structure 
like splicing rules be defined in an adequate way? A splicing rule on strings 
over an alphabet V usually (e.g., see 0 ) is written as ui#ui$U2#U2 and its 
application to two strings over V of the form xiUiViyi and X2U2V2IJ2 yields 
the two strings xiU\V2y2 and X2U2V\yi, which are the result of cutting the 
two given strings at the sites u\Vi and U2V2 and immediately recombining the 
cut pieces in a crosswise way. Obviously, we can use splicing rules instead of 
other string productions by interpreting a splicing rule as a partial recursive 
relation QV* xV* ^ V* xV* . Yet a suitable modelling of splicing systems 
(H-systems) and related systems is left to a forthcoming paper. 

The formal investigation of the generative power of all these (and many 
other) variants of GP-systems and their complexity for simulating specific other 
generating devices remains for future research. 
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Abstract. We present a combinatorial framework for the study of a 
natural class of distributed optimization problems that involve decision- 
making by a collection of n distributed agents in the presence of incom- 
plete information; such problems were originally considered in a load 
balancing setting by Papadimitriou and Yannakakis {Proceedings of the 
10th Annual ACM Symposium on Principles of Distributed Computing, 
pp. 61-64, August 1991). For any given decision protocol and assuming 
no communication among the agents, our framework allows to obtain a 
combinatorial inclusion-exclusion expression for the probability that no 
“overflow” occurs, called the winning probability, in terms of the volume 
of some simple combinatorial polytope. 

Within our general framework, we offer a complete resolution to the spe- 
cial cases of oblivious algorithms, for which agents do not “look at” their 
inputs, and non-oblivious algorithms, for which they do, of the general 
optimization problem. In either case, we derive optimality conditions 
in the form of combinatorial polynomial equations. For oblivious algo- 
rithms, we explicitly solve these equations to show that the optimal algo- 
rithm is simple and uniform, in the sense that agents need not “know” n. 
Most interestingly, we show that optimal non-oblivious algorithms must 
be non-uniform: we demonstrate that the optimality conditions admit 
different solutions for particular, different “small” values of n; however, 
these solutions improve in terms of the winning probability over the op- 
timal, oblivious algorithm. Our results demonstrate an interesting trade- 
off between the amount of knowledge used by agents and uniformity for 
optimal, distributed decision-making with no communication. 
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1 Introduction 



In a distributed optimization problem, each of n distributed agents receives a pri- 
vate input, communicates possibly with other agents to learn about their own 
inputs, and decides, based on this possibly partial knowledge, on an output, the 
task is to maximize a common objective function. Such problems were originally 
introduced by Papadimitriou and Yannakakis PI , in an effort to understand the 
crucial economic value of information ^ts a computational resource in a dis- 
tributed system (see, also, [2p4liSI I Dj ). Intuitively, the more information available 
to agents, the better decisions they make, but naturally the more expensive the 
solution becomes due to the need for increased communication. Such natural 
trade-offs between communication cost and the quality of decision-making have 
been studied in the contexts of eommunication eomplexity [Z| and eoneurreney 
eontrol p| as well. 

Papadimitriou and Yannakakis 0 examined the special case of such distri- 
buted optimization problems where there are just three agents. More specifically, 
Papadimitriou and Yannakakis focused on a natural load balancing problem (see, 
e.g., |3I5I11|. where each agent is presented with an input, and must decide on a 
binary output, representing one of two available “bins,” each of capacity one; the 
input is assumed to be distributed uniformly in the unit interval [0, 1]. The load 
balancing property is modeled by requiring that no “overflow” occurs, namely 
that inputs dropped into each “bin” not exceed together its capacity. Papadimi- 
triou and Yannakakis ^ pursued a comprehensive study of how the best possible 
probability, over the distribution of inputs, of “no overflow” depends on the amo- 
unt of communication available to the agents. For each possible communication 
pattern, Papadimitriou and Yannakakis discovered the corresponding opti- 
mal decision protocol to be unexpectedly sophisticated. The proof techniques 
of Papadimitriou and Yannakakis 0 were surprisingly complex, even for this 
seemingly simplest case, combining tools from nonlinear optimization with geo- 
metric and combinatorial arguments; these techniques have not been hoped to 
be conveniently extendible to instances of even this particular load balancing 
problem whose size exceeds three. 

In this work, we introduce a novel combinatorial framework in order to en- 
hance the study of general instances of distributed optimization problems of the 
kind considered by Papadimitriou and Yannakakis jS] . More specifically, we pro- 
ceed to the general case of n agents, with each still receiving an input uniformly 
distributed over [0, 1] and having to choose one out of two “bins”; however, in 
order to render the problem interesting, we make the technical assumption that 
the capacity of each “bin” is equal to S, for some real number 6 possibly grea- 
ter than one, so as to compensate for the increase in the number of players. 
Papadimitriou and Yannakakis [S| focused on a specific kind of decision proto- 
cols by which each agent chooses a “bin” by comparing a “weighted average” of 
the inputs it “sees” against some “threshold” value; in contrast, our framework 
allows for the consideration of general decision protocols by which each agent 
decides by using any (computable) function of the inputs it “sees” . 
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Our starting point is a combinatorial result that provides an explicit inclusion- 
exclusion formula II2J Section 2.1] for calculating the volume of any particular 
geometric polytope, in any given dimension, of some speficic form (Proposi- 
tion P) . Roughly speaking, such polytopes are the intersection of a simplex in the 
positive quadrant with an orthogonal parallelepiped. An immediate implication 
of this result are inclusion-exclusion formulas for calculating the (conditional) 
probability of “no overflow” for a single “bin,” as a function of the capacity 6 
and the number of inputs that are dropped into the “bin” (Lemmas Q and El) . 

In this work, we focus on the case where there is no communication among the 
agents, which we completely settle for the case of general n. Since communication 
comes at a cost, which it would be desirable to avoid, it is both natural and 
interesting to choose the case of no communication as an initial “testbed” . We 
consider both oblivious algorithms, where players do not “look” at their inputs, 
and non-oblivious algorithms, where they do. For each case, we are interested in 
optimal algorithms. 

We first consider oblivious algorithms. Our first major result is a combinato- 
rial expression in the form of an inclusion-exclusion formula for the probability 
that “no overflow” occurs for either of the “bins” (Theorem P . This formula 
incorporates a suitable inclusion-exclusion summation, over all possible input 
vectors, of the probabilities, induced by any particular decision algorithm, on the 
space of all possible decision vectors, as a function of the corresponding input 
vector. The coefficients of these probabilities in the summation are independent 
of any specific parameters of the algorithm, while they do depend on the input 
vector. A first implication of this expression is the reduction of the general pro- 
blem of computing the probability that “no overflow” occurs to the problem of 
computing, given a particular decision algorithm, the probability distribution of 
the binary output vectors it yields. Most significantly, this expression contributes 
a methodology for the design of optimal decision algorithms “compatible” with 
any specific pattern of communication, and not just for the case of no communi- 
cation that we particularly examine: one simply renders only those parameters 
of the decision algorithm that correspond to the possible communications, and 
computes values for these parameters that maximize the combinatorial expres- 
sion as a function of these parameters. This is done by solving a certain system 
of optimality conditions (Corollary 0) . 

We demonstrate that our methodology for designing optimal algorithms for 
distributed decision-making is both effective and useful by applying it to the 
special case of no communication that we consider. We manage to settle down 
completely this case for oblivious algorithms. We exploit the underlying “sym- 
metry” with respect to different agents in order to simplify the optimality con- 
ditions (by observing that all parameters satisfying them must be equal). This 
simplification reveals a beautiful combinatorial structure; more specifically, we 
discover that each optimality condition eventually amounts to zeroing a parti- 
cular “symmetric” polynomial of a single variable. In turn, we explicitly solve 
these conditions to show that the best possible oblivious algorithm for the case 
of no communication is the very simple one by which each agent uses 1 /2 as its 



296 S. Georgiades, M. Mavronicolas, and P. Spirakis 



“threshold” value; given that the optimal (non-oblivious) algorithms presented 
by Papadimitriou and Yannakakis for the special case where n = 3 are somehow 
unexpectedly sophisticated, it is perhaps surprising that such simple oblivious 
algorithm is indeed optimal for all values of n. 

We next turn to non-oblivious algorithms, still for the case of no commu- 
nication. In that case, we demonstrate that the optimality conditions do not 
admit a “constant” solution. Through a more sophisticated analysis, we are able 
to compute more complex expressions for the optimality conditions, which still 
allow exploitation of “symmetry” . We consider the particular instances of the 
optimality conditions where n = 3 and 5=1 (considered by Papadimitriou and 
Yannakakis j0|), and n = 4 and S = 4/3. We discover that the optimal algo- 
rithms are different in each of these cases. However, they achieve larger winning 
probabilities than their oblivious counterparts. This shows that the improved 
performance of non-oblivious algorithms comes at the cost of sacrificing unifor- 
mity. 

We believe that our work opens up the way for the design and analysis of 
algorithms for general instances of the problem of distributed decision-making 
in the presence of incomplete information. We envision that algorithms that are 
more complex, general communication patterns, and more realistic assumptions 
on the distribution of inputs, can all be treated in our combinatorial framework 
to yield optimal algorithms for distributed decision-making for these cases as 
well. 

2 Framework and Preliminaries 

Throughout, for any bit b S {0,1} and real number a G [0,1], denote b the 
complement of b, and to be a if 6 = 1, and 1 — a if 6 = 0. For any binary 
vector b, denote |b| the number of entries of b that are equal to one. 

2.1 Model and Problem Definition 

Consider a collection of n distributed agents Pi, P 2 , ■ ■ ■ , Pn, called players, where 
n > 2. Each player Pi receives an input Xi, which is the value of a random variable 
distributed uniformly over [0, 1]; denote x = {x\,X 2 , ■ ■ ■ ,Xn)"^ the input vector. 
Associated with each player Pi is a (local) decision algorithm Ai, that may be 
either deterministic or randomized, and “maps” the input Xi to Pfs output yi. 
A distributed decision algorithm is a collection A = (Ai, A 2 , . . . , A„) of (local) 
decision algorithms, one for each player. 

A deterministic decision algorithmic a function Ai : [0, 1] — > {0, 1}, that maps 
the input x\ to Pfs output yi = Ai{xi); denote y^!i(x) = (Ai(a;i), ^ 2 ( 0 : 2 ), . . . , 
Anixu))"^ the output vector of A on input vector x. A deterministic, single- 
threshold decision algorithm is a deterministic decision algorithm Ai that is a 
single-threshold function; that is. 
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where 0 < < c». Distributed, deterministic decision algorithms and distri- 

buted, deterministic single-threshold decision algorithms can be defined in the 
natural way. 

Say that A is randomized oblivious if for each i, 1 < i < n, Ai \s a, probability 
distribution on {0, 1}; that is, 71^(0) (resp., 71^(1)) is the probability that player Pi 
decides 0 (resp., 1). Denote Oi = 71^(0). Thus, a distributed, randomized oblivious 
decision algorithm is a collection A = {ai,a 2 , ■ ■ ■ ,a„) is a collection of (local) 
randomized, oblivious decision algorithms, one for each player. 

For each b £ {0, 1}, define Sb = X^i.A,(x)=b thus, Sb is the sum of the inputs 
of the players that “decide” b. For each parameter <5 > 0, we are interested in 
the event that neither S'q nor Si exceeds <5; denote Pr_ 4 (S'o < 6 and Si < 5) the 
probability, taken over all input vectors x, that this event occurs. We wish to 
maximize Pr_ 4 (S'o < S and Si < 6) over all protocols A] any protocol A that 
maximizes Pr_ 4 (S'o < S and < i5) is a corresponding optimal protocol. 

2.2 Combinatorial Preliminaries 

For any polytope II, denote Vol(n) the volume of II. A cornerstone of our analysis 
is the following combinatorial result that calculates the volume of any particular 
polytope that has some specific form. Fix any integer m > 2. Consider any pair 
of vectors a = ( 01 , 02 , • • ■ , , and b = {Pi, P 2 , ■ • ■ , PraY^ , where for any I, 

1 < I < m, 0 < ai, Pi < 00 . Define the m-dimensional polytope 

m 

lY'^\a,h) = {{xi,X2,...,Xm)'^ £[Q,Pi]x[Q,P2]x ...x[Q,Pm] I — < 1 } ■ 

a; 



Thus, (a, b) is the intersection of the m-dimensional simplex 

m 

= {{xi,X2,...,Xm)'^ I <!}, 

with the m-dimensional orthogonal parallelepiped [0,/?i] x [0, /32] x . . . x [0,/?^]; 
The vectors a and b determine the simplex and the orthogonal parallelepiped, 
respectively. We provide an explicit inclusion-exclusion formula for calculating 
the volume of Il(™)(a, b). 

Proposition 1. 

Vol(n(™)(a,b)) = 

^9 - + X] ~ X H 1- (-l)™P{i,2....,m} , 

l<f<m <k<m 



b0 



1 

ml 



l[ai, 



Z=1 



where 
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and for each set of indices X Q {1, 2, , m}, 



\ 0, 1 < ■ 



2.3 Probabilistic Lemmas 

In this section, we present two straightforward implications of Proposition ^that 
will be used later. 

Lemma 1. Assume that for each i, 1 < i < m, a;^ is uniformly distributed over 
[0, fii] . Then, for any parameter 5 > 0, 

Pr(V X, < <5) = ^ ~ 

m\ 



nr.iA 

An immediate implication of Lemma ^ concerns the special case where for 
each i, 1 < i <n, fdi = 1. 

Corollary 1. Assume that for each i, 1 < i < m, Xi is uniformly distributed 
over [0, 1]. Then, for any parameter <5 > 0, 






0<Z<m,Z<(5 



We also show: 



Lemma 2. Assume that for each i, 1 < i < m, a;^ is uniformly distributed over 
[Pi, 1]. Then, for any parameter (5 > 0, 



Pr(^a:i < <5) = 






_,(-l)m(rn-5-|/| + E,e/A) 



m\ 






3 Oblivious Algorithms 

3.1 The Winning Probability 

We show: 

Theorem 1. Assume that A is any randomized oblivious algorithm. Then, 
Pr_ 4 (S'o < S and Si < S) = 



= ^" E (|^ E (-1) 

bG{0,l}" ' ' 0<i<|b|,i<(5 

1 



(n- |b|!) 



E (-1) 



0</<n-|b|,i<5 



ifn-\h\ 
I 






1 - 



|b| 



i-|b| 



n«ro- 



Z=1 
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The proof of Theorem Q] relies on appropriately using Corollary ^ Theorem ^ 
immediately implies necessary conditions for any optimal protocol. These con- 
ditions are determined by simultaneously vanishing the partial derivatives with 
respect to all parameters of the algorithm. 



Corollary 2 (Optimality conditions for oblivious algorithms). Assume 
that A is an optimal, randomized oblivious algorithm. Then, for any index k. 



1 



^ ^Ibl! ^ ^ 



bGfO.l}' 

1 

(n- |b|)! 



0<i<|b|,i<5 



E (-1)' 

0<;<n-|b|,i<<5 



n- |b| 

I 






|b| 



1 - 



n-|b| 



ri 

^ n »f‘>) 



da - ^ 






i=zl,iz^k 



= 0 . 



3.2 The Optimal Oblivious Algorithm 

For each set 1 < f < n, 



^i(x) 



0 , Xi ^ an 

1 , Xi ^ an 



it follows that Pr^(?/i = 0) = an and Pr_ 4 (yi = 1) = 1 — an- We show that the 
optimal winning probability is achieved by the very simple protocol for which, 
for each i, 1 < i < n, ai = 1/2. 

Theorem 2. Consider the oblivious case. Then, 



1 f 5 

maxPr^(iS'o < 5 and Si < 6) = — ( - 
.4 n! V 2 



E( 

r=0 



E <-i)' 

0<l<r,KS 



I 

'-5 






0</<n— r, 
l<6 



Proof. Take any optimal protocol A. By Theorem QJ 
Pr^(S'o < 6 and Si < S) 



= «" E E (-1)' 

be{0,l}" ' ' 0<i<|b|,i<5 

1 



(n- |b|)! 



E (-1) 



0<i<n-|b|,i<<5 



ifn-\h\ 
I 



^--6 






|b| 



n— |b| n 
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Fix any index k, 1 < k < n. By Corollary 0 



^ V|! ^ ^ 

be{0.1}" ' ' 0<i<|b|,i<i5 



lf\^\ 







|b| 



1 



(n- |b|)! 



E (-1)' 

0<l<n-\h\,KS 

d_ 
dau 



n- |b| 

I 



^ 5 



n-|b| 



= 0 , 



so that 



H (iKii H (-1) 



i(\^ 



Ibl! 

bG{0,l}",fefc=l ' ' 0<;<|b|,i<i5 




1 



(n- |b|)! 



E (-1)' 



0<i<n-|b|,i<5 
1 



n — |b| 

I 



E (iTTil E (-1) 



Ibl! 

bG{0.1}”.bfc=0 ' ' 0<i<|b|,i<(5 



l(\^\ 




1 

{n- |b|)l 



E (-1)' 



0<Z<n-|b|,;<5 



, - |b| 



1 - 






^ (5 



1 - 



|b| 



n— |b| n 

- n 

2 = 1, 27^/2 

|b| 



n— |b| n 



n “S4 

2 = l, 27 ^fc 



= 0 . 



By symmetry of optimality conditions, it follows that on = 022 = . . . = a„„; 
denote a their common value. Clearly, 



^ ^\h\l ^ ^ 

bG{0.1}",hfc = l ' ' 0<i<|b|,i<(5 

^ifn- |b| 

I 







|b| 



1 



E (-1)' 

0<Z<rt-|b|,i<(5 






i-|b| 



^ V|! ^ ^ 

bG{0,l}",hfc=0 ' ' 0<i<|b|,i<(5 

1 




(n- |b|)l 
|b| 



1 - 



0 ^ 

n-|b| 



0</<n-|b|,i<5 ^ ^ 

There are vectors b S {0, 1}" with bk — 1; for any such vector, 

1 E |b| < n. Similarly, there are ("b|^) vectors b € {0, 1}" with bk = 0; for any 



(n- |b|)l 

= 0 . 
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such vector, 0 < |b| < n — 1. It follows that 

jb|-i)<ibji 



E E (-T 

|b| = l ' /II 0<Z<|b|,/<5 






|b| 



(n- |b|)! 



E (-1) 



0<Z<n-|b|,i<(5 



ifn-\h\ 
I 



n—1 

E 

|b|=0 



n-A 2 

ibi r 



if\^\ 

I 



(n- |b|)! 



b|! E ( 

0<i<|b|,i<5 

ifn-\h\ 
I 



E (-1)' 



0</<n-|b|,i<«5 






1 - 






•^-|b| / Q, \ 1^1“^ 



1 — a 



)- 



|b| 



i-|b| / ^ \ |b| 



1 — a 



= 0 . 



The left-hand side is a polynomial in a/(a — 1) of degree n—1. Consider any 
integer r, where 0 < r < n — 1; We show that the coefficients of (a/(a — 1))’' 
and {a/ {a — are the negative of each other. 

Thus, the left-hand side is a symmetric polynomial of degree n— 1. Moreover, 
we can establish along similar lines that for the case where n is odd, the coefficient 
of {a/{a — is identically zero. This implies that 1 is the only one real 

root of this polynomial; setting af{a— 1) = 1 yields a = 1/2, with corresponding 
optimal winning probability 



Pr^(5'o < <5 and S\ < <5) 

= E (|^ E (-1)' 

bG{0,l}" ' ' 0<i<|b|,i<5 



1 



(n- |b|)! 
1 

n! U 



E (-1)' 



0<J<n-|b|,i<«5 



n- |b| 
I 



^--5 






E ( 

bG{0,l}" 



E (-1)' 

0<i<ra-|b|,;<i5 

-/f 5 )"E( 



n- |b| 
I 



E (-1) 

0<Z<|b|,/<5 

-|b| 



|b| 



n— |b| / \ ^ 

2 
|b| 

1 - 



i-D ) 



E (-T i b- 



r=0 ^ ^ 0<l<r,l<6 



E (-1)' 

0<l<n—r,l<5 



n — r 

I 



1-5) ). 



as needed. 



Theorem |2| implies that for any integer n, the optimal winning probability of 
an oblivious algorithm is computable in exponential time. 
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4 Non-oblivious Algorithms 

4.1 The Winning Probability 

Theorem 3. Assume that A is any randomized non-oblivious algorithm. Then, 
Pr^(S'o < 5 and S\ < 5) 



^ ^(n-|b|)! ^ 

belo,!}" 






ra-|b| 



/ 



|b| 



|b| 



11(1-/30-^ E (-1)1^1 (ib|-5-|/| + EA 






)• 



V 



IC{i-.bi = l}, 



l€l 



4.2 Optimality Conditions 

For non-oblivious algorithms, the analysis is more involved since it must take 
into account the conditional probabilities “created” by the knowledge of inputs 
by the agents. We show: 

Theorem 4 (Optimality conditions for non-oblivious algorithms). As- 
sume that A is an optimal, randomized non-oblivious algorithm. Then, for any 
index k. 



E 

|b|=0 



n — I 



b| J (n - 1 - |b|)! 






0<Z<n-l-|b|, 
6—^l>0 



(-(1-/3)N- 



b| (|b| + 1) 
(|b| + l)! 






l<i<|b| + l, 
|b|-|-l — S 



i: ("ibi ^ (-d'(7)(n-^- '+«"■')) 



|b|=0 

-jn- |b|) 

(n- |b|)! 



l<i<n-|b|,5-/3i>0 



0<;<|b|, 
|b|-(5-i-|-/3;>0 

IV.I X \ / 



= 0 . 



Unfortunately, the conditions in Theorem0do not admit a uniform solution 
(independent of n). We discover that the solutions for n = 3 and n = 4 are 
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different. The solution for n = 3 and <5 = 1 satisfies the polynomial equation 
/3^ — 2/3 -I- 6/7 = 0; the solution is calculated to be equal to 1 — ^1/7 = 0.622, 
which is the threshold value conjectured by Papadimitriou and Yannakakis in 0 
to imply optimality for the same case. On the other hand, the solution for n = 4 
and S = 4/3 satisfies the polynomial equation — (26/3)/3^-|-(98/3)/3^ — (368/9)/3-|- 
416/27 = 0; the solution is calculated to be equal to approximately 0.678. 
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Abstract We prove that the generalized Post Correspondence Problem 
(GPCP) is decidable for marked morphisms. This result gives as a corol- 
lary a shorter proof for the decidability of the binary PCP, proved in 
1982 by Ehrenfeucht, Karhumaki and Rozenberg. 

1 Introduction 

Let A and B be two finite alphabets and h,g two morphisms h,g: A* — >■ B*. 
The Post Correspondence Problem, PCP for short, is to determine if there exists 
a nonempty word w G A* such that h{w) = g{w). It was proved by Post 0 that 
this problem is undecidable. The PCP is one of the most useful problems for 
deriving other undecidability results. 

Restricting the instances (h, g) of the PCP may make the problem decidable. 
For example, if we assume that the size of the instance, i.e. |A|, is at most two, 
then the PCP is decidable, see Ehrenfeucht, Karhumaki and Rozenberg j]]. On 
the other hand it is known that if |A| > 7, then the problem remains undecidable, 
see Matiyasevich and Senizerques 0. 

It was proved by Halava, Hirvensalo and de Wolf that the PCP is decidable 
if the morphisms are marked | 2 |. A morphism h is called marked, if h{x) and 
h{y) start with a different letter whenever x,y G S and x y. In this paper 
we consider a modification of the PCP, called the generalized PCP, GPCP for 
short. An instance of the GPCP consists of two morphisms h,g: A* — )> R* and 
words pi,P2,si,S2 G B* . The GPCP is to tell whether or not there exists a word 
w G A* such that 

Pih{w)si = P2g{w)s2- 

We shall denote the instance of the GPCP by {{p\,P2)^h,g,{si,S2))- Actually 
Ehrenfeucht, Karhumaki and Rozenberg proved in ^ that the GPCP for marked 

* For more detailed proofs, see full paper: 
http:/ /www. tucs.abo.fi/publications/techreports/TR283.html 

** Supported by the Academy of Finland under grant 44087. 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 304-^1^ 1999. 
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morphisms is decidable for binary alphabets A, and since every binary instance of 
the PCP is either periodic (see 0 ) or can be reduced to an instance of the binary 
GPCP with marked morphisms, they had that the binary PCP is decidable. In 
this paper we shall prove the following theorem. 

Theorem 1. The GPCP with marked morphisms is decidable for any alphabet 
size. 

The decidability of the marked GPCP was mentioned as an open problem in |2| . 
As a general reference for the PCP and the GPCP we give |2|. 

Our proof of Theorem D uses the idea of reducing a problem instance to 
finitely many new instances such that one of these new instances has a solution 
if and only if the original one has. We will show that the iterative use of this 
reduction process will eventually give us the desired decision method. 

We fix first some notations. The empty word is denoted by e. A word x G A* 
is said to be a prefix of y G A*, if there is z G A* such that y = xz. This will be 
denoted hy x < y. Similarly, a word a; G A* is said to be a suffix of y G A*, if 
there is z G A* such that y = zx. This will be denoted by a; ^ y. We say that x 
and y are comparable ii x < y or y < x. Moreover, a word x G A* is said to be 
a factor of y G A*, if there are words zi, Z2 G A* such that y = zixz2. 

Finally we introduce a convention that will smoothen some concepts to be 
used later: If ft, : A* — >■ B* is a marked morphism, then clearly |A| < \B\. 
Renaming the source alphabet A we can always assume even that A G B and 
also that for each a G A, ft(a) begins with a. However, notice carefully that for 
a morphism pair h, g : A* ^ B* given as an instance of the GPCP, we cannot 
assume that both h{a) and y(o) begin with a. That ft(a) begins with a will be a 
permanent premise hereafter. 



2 Modified Instances 

Let I = {(pi,p2),h,g,{si,S2)), where h,g\ A* — >■ B*, be an instance of the 
marked GPCP. A word w G A* is called a solution of I, if 

pih{w)si = P2g{w)s2- 

A solution w = wqvwi is called minimal if for all v e, wqWi is not a solution. 
The instances 



I = {{Pi,P2),h,g,{si,S2)) ( 1 ) 

can be reduced to instances, where pi = £ or p2 = e and Si = e or S2 = £, since 
to have a solution we must have pi < p2 or p2 < pi, and si ^ S2 or S2 ^ si- 
We first modify the marked GPCP by requiring that the solutions begin with 
a new fixed letter ff. For this, let # be a new letter. If in (HJ Pi £ or P2 £ 
we extend the morphisms by defining ft(#) = ffpi and y(#) = ffpz- On the 
other hand, if pi = e = P2, we fix a letter oq G A and define ft(#) = ffh^ao) and 
ff(#) = #5(ao). 
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In both cases, the extended morphisms h,g: (Au{#})* — >■ (i?U{#})* remain 
marked, and in the latter case, m has a solution that begins with oq if and only 
if the modified instance ((e, e), h, g, (si, S2)) has a solution in #A*. Clearly the 
marked GPCP is decidable if we can decide whether a solution exists for each 
uq € A. 

Therefore we can restrict to the instances of the form 

i#,h,g,{si,S2)) (si = e or S2 = e), ( 2 ) 

where the solutions w are required to satisfy w G #(^\ {#})* and h{w)si = 
g{w)s2- 

If an instance 0 has Si = S2 = £j then we have to check whether there is a 
solution of the marked PCP beginning with the letter but this is decidable 
by the result of 0 . Therefore we shall assume that S1S2 ^ e. We have 

Lemma 1. The GPCP for marked morphisms is decidable if and only if it de- 
cidable for the instances {ff,h,g, (31,82)), where s\ = e or S2 = £• 

3 Blocks and Successors of Instances 

A block of an instance I = (h, g) of the marked PCP is a pair (u, v) G A+ x A+ 
such that h(u) = g(v) and for all nonempty prefixes ui < u, vi < v, h(ui) = 
g(vi) implies Ui = u and Vi = v. If there is no danger of confusion, we will also 
say that h(u) = g(v) is a block. The words u and v are called block words (of h 
and g respectively). Letter a G A is a block letter if there is a block (u,v) such 
that a < h(u),g(v) (now also a < u, since we assumed that h(a) begins with a 
and h is marked). Accordingly, a block is a minimal nontrivial solution of the 
equation h(x) = g(y). 

Lemma 2. Let (h,g) be an instance of the marked PCP for h,g: A* — ^ B* . 
Then for each letter a € A, there exists at most one block (u, v) such that a < u. 
In particular, the instance (h,g) has at most |A| blocks. Moreover, the blocks of 
(h,g) can be effectively found. 

The blocks can be constructed by constructing sequences (ui, Vi) that always 
satisfy h(ui)s = g(vi) or h(ui) = g(vi)s. In the first case, if there exists u' € A 
such that h(uiu')s' = g(vi) or h(uiu') = g(vi)s', then (ui+i,Vi+i) = (uiu',Vi). 
In the second case, if there exists v' G A such that h(ui)s' = g(viv') or h(ui) = 
g(viv')s', then (u^+i,Vi+i) = (ui,Viv'). 

For two words si,S2 G A* with si = £ or S2 = £, a pair (u,v) is called an 
end block (or an (si, S2)-end block, to be precise) if h(u)si = g(v)s2 and (ui,t>i) 
is not a block for any u\ <u and vi < v. Let 

Ea = {(u, v) I (u, v) is an end block and a < h(u) or a < g(v)} 



be the set of all end blocks for the letter a. 
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Lemma 3. Let I = (^, h,g, (si, S 2 )) be an instance of the marked GPCP, si = e 
or S 2 = E and a a fixed letter. The set of end blocks Ea is a rational relation and 
can he effectively found. Moreover, 

(i) If a is a block letter, Ea is finite. 

(ii) If Ea is infinite, then it is a union of a finite set and finite number of sets 

{{xu^ ,yv'^w) I fc > 0} and {{xu^w,yv^) | fc > 0} 
for some words u, v, x, y, w. 

We shall call {xu^ ,yv^w) and (xu^w,yv^) in Lemma 0 (ii) extendible end 
blocks. 

Let I = {ff,h,g, (si, S 2 )) be an instance of the marked GPCP. For a solution 
w S A* , h{w)si = g{w)s 2 , of I, 



W = U1U2 . ■ . Uk+l = V1V2 . . ■ Vk+l 



is a block decomposition for w, if 

1. (ui, Vi) is a block for each i = 1,2, . . . ,k, 

2. {uk.+i,Vk+i) is an (si,S 2 )-end block. 

Because the blocks are minimal solutions to h{ui) = g{vi), it is easy to see that 
the following lemma holds. 

Lemma 4. Every solution w G A* of I has a unique block decomposition. 

Note that, since the block decomposition of a solution may consist only of 
an end block, it is necessary to construct also the set E^. 

Let I = (h, g) be an instance of the marked PCP with h,g: A* ^ B* and 

A' = {a G A \ a is a, block letter}. (3) 

We define the successor of I to be I' = {h',g'), where the morphisms h' and g' 
are from {A')* into A* such that 

h' {a) = u and g'{a) = v, (4) 

where {u, v) is a block for the letter a G A'. 

Lemma 5. Let I = {h,g) be an instance of the marked PCP and I' = {h',g') 
be its successor. 

(i) I' is an instance of the marked PCP. 

(ii) I has a solution if and only if I' has. 

(Hi) hh'{x) = gg'{x) for all x G (A')*. 

(iv) If a < h{a) for each a, then also a < h'{a) for each a. 

Proof. This is clear by the construction and by the definition of the blocks. □ 
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The definition of a successor gives inductively a sequence of instances li, 
where Iq = I and I^+l = n- The decidability of the marked PCP in 0 was 
eventually based on the fact that the successor sequence defined above has only 
finitely many distinct instances. The authors of [3 used two measures for an 
instance I of the marked PCP, namely the size of the alphabet and the suffix 
complexity. 

a{I) = I Ua^A {x I x is a proper suffix of g(a)}| 

+ I UaeA {a; I a: is a proper suffix of h(a)}|. 

It is clear that for alphabet sizes of /' and I we have |A'| < \A\. That a{I') < a{I) 
is not so straightforward. The next lemma can be found in j2j. 

Lemma 6. If I is an instance of the marked PCP and I' is its successor then 
cr{r) < cr(/). 

The previous lemma together with \A'\ < |A| yields the following result, see |2|. 

Lemma 7. Let I be an instance of the marked PCP. Then there exist ng and 
d such that C+d = li for all i > ng. The numbers ng and d can be effectively 
found. 

The previous lemma means that after ng consecutive successors the instances 
begin to cycle: . . . , Ino+d = Ingj • ■ ■ • In this loop the alphabet size and the 

suffix complexity are constant. 

Next we define the successors of the instances I = (#, h, 5 , (si, S 2 )) of the 
marked GPCP. Let (hfg') be the successor of {h,g) and let (u,f) be any end 
block of I. Then 

I'(u,v) = {#,h',g\ (s'i,4)) 

is the successor of / w.r.t. (u,v), where (s4 is defined as follows: If u ^ rt, 
then = uv~^ and S 2 = £ and if rt ^ u, then 4 = £ nnd S 2 = vu~^. Otherwise 
I'{u,v) is not defined. Note that for (u,v) £ the successor I'{u,v) is defined 
if and only ii u = v, since ^ is a special symbol not in A. Moreover, u = v is a, 
solution of I. 

Lemma 8. An instance I = (ff,h,g, (si,S 2 )) hos a solution if and only if the 
successor I'{u,v) = {ff,h',g\ has a solution for some end block (u,v). 

Moreover, each solution w to I can be written as w = h'{w')u = g'{w')v, where 
w' is a solution of I' and (u, v) an end block of I . 

Proof. Assume first that I has a solution w with the block decomposition 



W = U1U2 . . . Uk+l = V1V2 . . . Vk+l, 

where (ui,Vi) is a block for the letter Oj, for 1 < i < fc, and (uk+i,Vk+i) is an 
end block. Clearly Uk+i =4 Vk+i or Vk+i =4 u^+i. If the first case holds, then 
4 = 4 = 'i'fe+ 1%+1 and I'{u, ?;) = (#, h' , g' , (4> 4))- Now 

h'{ai . . . Ofc) = wufl^ = g'{ai . . . Ofe)4, 
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i.e. I'{u, v) has a solution w' = a\ ... ak and w = h' {w')uk+i = g'{w')vk+\. Case 
Vk+i ^ Uk+i is symmetric. 

Assume then that I'{u,v) = {^,h' , g' ,{s[, s'2)) has a solution w' . Then also 
h'(w')u = g'{w')v and by the definition of the end blocks and Lemma 0 

h{h'{w')u)si = h{h' {w'))h{u)si = g{g'{w'))g{v)s2 = g{g'{w')v)s2, 

so h'{w')u = g'{w')v is a solution of I. □ 

For (m, v) € in the previous theorem w' = e. Clearly it is of no use to 
construct the successors of / for (rt, v) G with u = v, since we already found 
a solution for I. We shall return to this in Lemma EH 

4 Reducing the Extendible End Blocks 

By Lemma 0 we can reduce an instance / to its successors for all end blocks. 
The problem in this approach is that by Lemma 0 I potentially has infinitely 
many successors. We shall next show that also the extendible end blocks reduce 
to a finite number of successors. 

Let I = (#, h,g, (si, S 2 )) and that assume that we have the successors 

I'{xu^w,yv^) = for fc > 0 (5) 

with morphisms h' , g' : (A')* — >■ A* as defined for the successor of (h, g). Succes- 
sors I'{xu^ ,yv^w) are treated analogously. 

Lemma 9. Let for k > 0, be as in the above and |u| = |z;|. Then there are 
only finitely many distinct successors and they can be effectively found. 

Proof. A successor with respect to (xu^w,yv^) is defined only if either yv^ =4 
xu^w or xu^w =4 yv^ ■ In the first case, = xu^w{yv^)~^ and S 2 = e. Let £ be 
the least number such that \yv^\ > |tc| and yv^ =4 xu^w. If there is no such £, 
then there is only finitely many possible k such that yv^ =4 xu^w. If yv^ ^ xu^w 
for some k > £., then however = xu^w{yv^)~^ = xu^w{yv^)~^ and S 2 = £• 
The second case is similar. □ 

Lemma 10. Assume that the successors I'f. are as in (0 and that |u| |?;|. 

Then there are only finitely many k such that I'f. can have a solution and these 
numbers k can be effectively found. 

Proof. Let b,c G A and assume that b < xu^ and c < yv^ . Notice first that b 
(resp. c) is not a first letter of any image of h' (resp. g'), since it is a first letter 
of an extendible end block. To prove the claim it is sufficient to show that for 
all f G A' there are only finitely many k such that I'f. has an end block for /. 

The end blocks can be effectively constructed for all / by constructing the 
same sequence (ui,Vi) G (A')* x (A')* as for blocks. If there is an end block for 
some fc, then, for some i, necessarily 



h'(ui) = g'{vi)zi or g'{vi) = h'{ui)zi, 
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where c < Zi or b < Zi, respectively. If no such Zi exists before the sequence 
terminates, then there is no end block for /. Assume the first case, i.e. c < 
Zi, the other case is symmetric. Then the possible end block is of the form 
h' (uiu')xu^w = g'{vi)yv^ for some u' S A' . This u' can be effectively found if 
it exists, by defining a sequence, which adds letters to u' and check whether 
(h! {uiu'))~^ g' {vi)yv^ begins with b. This process is finite, since yv has only 
finitely many suffixes. 

Once we have found the unique possible u', we can check by the lengths 
whether for some k \h'{uiu')xu’^w\ = \g'{vi)yv^\. Since |u| ^ |r;| such a fc is 
unique. This proves the claim. □ 

Let 

5" = {(s'i> 4) I (#) h',g', (4)4)) is a successor of /} 

be the set of the end words of the successor of I. We introduce a collective 
notation 



I' = {#,h',g',S') (6) 

to stand for all the successors of I. By Lemma 0 I has a solution if and only if 
one of the successors (jOJ has, but by Lemmata El and E3 we can always assume 
that S' is a finite set. Thus we obtain a chain of sets of successors reducing the 
original instance Iq = hg, go, (si, S2)) to its successors Ii = {^,hi,gi,Si), 
then all these to get X2 = (#42, ff2, <S'2), etc. If eventually some successors 
# = (#, hi,gt, Si) have very simple morphisms {hi, gi) (i.e. \Ai\ = 1 or the suffix 
complexity is zero), we can decide for each {=ff, hi, gi. Si) if there is a solution 
or not. Thus we could also solve the original problem. Otherwise, we know by 
Lemma Q that there is a number ng such that (/ii+d,5i+d) = (hi,gi) for each 
i > no, i.e. the morphisms start so cycle. Clearly to decide the marked GPCP 
it suffices to show how to solve these cycling instances. This is done in the next 
section. 

In our solution we do not construct the successors for the end blocks in E^, 
but check at each step whether there is {u, v) G such that u = v. 

Lemma 11. We can effectively check whether there is an end block {u,v) G E^ 
such that u = V. 

By a successor sequence we mean a sequence 

(#, hg, go, {sf\sf^)), ... ,{#,h„gi, (s^*\ . . . 

of instances of the marked GPCP such that each {ff,hi+i,gi+i, s^*'*'^^)) 

is a successor of (#, 5^, (s^*\ 

To end this section, notice that if = {ff,hi,gi,Si) is the set of all ith 
members in the successor sequences, we can always assume that 

(A) morphism pair {hi,gf) has a block for the letter # and 

(B) S1S2 # £ for each (si, S2) G Si. 
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For if the condition (A) does not hold, we know that no instance in Xi can 
have a solution beginning with ^ and if (B) is not satisfied by an instance, then 
that instance reduces to the marked PCP, which is decidable by |21. 



5 Cycling Instances 



In this section we show how to treat the instances that begin to cycle, i.e. there 
exists a d such that for all successor sequences 



(#, ho, go, 4 °^)), hi, gi, {s'i’ , s''^’)), ■ ■ ■ 



(b „(b^ 



(7) 



(hi,gi) = 9i+d) for all f > 0. We shall call such an instance Jq a loop 

instance, and d is the length of the loop. Next lemma follows from (2). 

Lemma 12. The sequence li = (hi,gi) has the following properties. 

(i) The size of the alphabet is constant and a{Ii) = o{Io) for all i > 0. 

(ii) An instance (ho, go) of the marked PCP has a solution beginning with a if 
and only if hi{a) = a = gi{a) for all i > 0. 

Notice that because the alphabet size does not decrease, there is a block for 
each letter a £ A. In particular, there cannot be extendible end blocks. 

Corollary 1. Assume that the instances cycle as in Q) and that a solution 
exists. Then we have two cases: 

(i) If ho{ff) = # = goiff) then the minimal solution of lo is ffw, where w 
the initial letter a of w satisfies ho{a) yf 5o(o). Henee also hi{a) yf gi{a) 
for all i >0. 

(ii) If ho{ff) yf 3o(#); then the minimal solution beginning with ff does not 
have a solution of the PCP as a prefix. 

Hereafter we will assume that /io(#) y^ 5o(#)> since the case (i) reduces 
to the following problem for each a such that ho{a) y^ go (a): Does the cycling 
instance lo have a solution beginning with a? But this is essentially the original 
problem, replaced with a. 

We would like to have some upper bound for the lengths of the new end 
blocks in the loop ( 0 . We demonstrate that if a solution exists, there is a limit 
number L such that, if a solution exists, then the minimal solution is found in 
some sequence o shorter than L. Moreover, this limit can be effectively found, 
hence the main result follows. 

In what follows, we assume that / = (ff, h,g, (si, S 2 )) has a minimal solution 
beginning with and which does not have a solution of the PCP as prefix. Then 
this minimal solution is unique, since the morphisms are marked. Consequently 
each I has a unique end block (u,v) in the block decomposition of the minimal 
solution. It follows that there exists a unique successor sequence /o,/i,... of 
instances such that 



li+i — h^(ai,vf) . 



( 8 ) 
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and (ui,Vi) is the end block of the minimal solution (beginning with of It. 
This successor sequence is called the branch of minimal solutions. Note that we 
cannot determine, which is the end block of the minimal solution, but the desired 
limit will be obtained anyway. 

Let li = (^, hi, (7i, S2*^)) be an instace of the branch of the minimal 

solutions and Wi the minimal solution of li . Recall that we permanently assume 
that ^ e and also that go(#) 7^ ^o(#), which implies that also 5i(#) yf 

hi{ff) for each i. 

Lemma 13. Let Wi he the minimal solution of li beginning with ff and (hi, gt) = 
(hi+d,gi+d) for each i. Then Wi+d < but Wi+d ^ Wi for each i. 

Proof. The instances 

Id = (#,hi,5i, and L+d = (#, h*, gi, 

share the marked morphisms, so clearly Wi < Wi^d or Wi+d < Wi, since the 
minimal solutions cannot have a solution of PCP as a prefix (recall that hifff) ^ 
gi{ff)). If w is a minimal solution to some instance I, then by Lemma 0 there 
is a solution w' to the successor of I such that w = h'{w')u = g'{w')v. Notice 
that w and w' begin with the same letter. Since e, then also uv y^ 

e and consequently |i(;| > jic'l, because the morphisms are nonerasing. Hence 
|wi+i| + 1 < |wi| Inductively \wi+t \ + t < |rci| for all t. This proves the claim. □ 

As a byproduct we obtain 

Lemma 14. If an instance occurs twice in a successor sequence, it has no so- 
lutions. 

Proof. By the proof of the previous lemma, the length of the minimal solution 
decreases strictly. □ 

An end block (u,v) of an instance I = {ff,h,g, (s,e)) satisfies the equation 

h{u)s = g{v). 

If this is an end block of a solution, then necessarily u = s'v or v = s'u for some 
word s' , and the successor of I has the end words (s', e) or (e, s'), respectively. 

Lemma 15. Let li = (^, 5 ^, (s^*\ s^*^)) be the branch of the minimal solu- 

tions of a cycling instance with loop length d. Let also Wi be the minimal solution 
of li. Then h,,{wi+d)si~^‘^'^ = 5i(wi+d)s2*~'''^^ is a prefix of hi(wf) and gi{wi). 

Proof. It is sufficient to prove the claim for z = 0. By Lemma O Wd < wq, and 
so ho{wd) < /lo(wo) and go(wd) < goiwo). We can prove that |ho(r(;d)sJ'^^ | < 
|/io(wo)| and |5o(u;d)s2‘^^ | < |5o(ii'o)|- 

Assume by symmetry that s^'^^ y^ e. Then go(wd) = hQ(wd)s^^'^ < go(wo), 
and, since ho(rco) and go(wo) are comparable, the claim follows. Similarly we 
can prove that |go(wd)s2^^ | < |go(wo)|. □ 
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Figure 1. Prefix property 



The previous lemma is used in the proof our last lemma, which gives an upper 
bound for the size of the end blocks in the branch of the minimal solutions. 

For an occurrence of a word u in g{w), its g-block covering in a solution w of 
an instance {^,h,g, (si,S2)) is a word z = g{vi)g{v2) ■ ■ ■ g(vk) such that 

1. viV2 ■ ■ - Vk is a factor of w, 

2. M is a factor of z, 

3. u is not a factor of 5(^2) . . . g{vk) or 5(^1) . . . g{vk-i), 

4. for each i, g{vi) = h(ui) is a block for morphism pair {h,g). 

Note that a 5-block covering for an occurrence of a factor u (in g{w)) is unique. 
Hence we can define the integer k to be the g-covering length of the occurrence 
of u (in w). 

Lemma 16. Let li = be the branch of minimal solutions 

of a cycling instance having loop length d. For all i > d 

(i) If Si^ ^ e, then the hi+i-covering lengths and are at most 

the gi-covering length of s^K 

(ii) If 82^ ^ £ then the gi+\-covering lengths 0 / and most 

the hi-covering length 

Proof. We denote Ii = I = {ff, h, g, (s, e) We shall consider the proof of the case 
(i), the proof for the other case is similar. Assume that for the end block of the 
minimal solution re of / is (u, u). Then h{u)s = g{v) and u ^ v or u ^ v. We 
have two cases to consider. 

(1) If rt = s'v, then |s'| < |u| and s' < h'{a) for some letter a i.e. the 
/I'-covering length is 1. 

(2) Suppose V = s'u. Recall that for all x G A*, hh'{x) = gg'{x), and therefore 
this is a catenation |a:| blocks in / = (#, h, g, (s, e)). 

Consider the minimal solution w' of the successor /' = {ff,h',g',{e,s')), 
which is obtained from / by the end part h{u)s = g{v), where g{v) = g{s')g{u). 

Then by LemmaEl the (unique) corresponding solution of I equals wp, where 
w = g'{w') = h'{w')s' is the solution for the instance {ff,h,g, {e,g{s'))). 

By Lemma El we can assume that the end words s and s' are covered by h 
and h' , respectively. That is, s is a prefix of h{x) and s' is a prefix of g'{x') for 
some words x and x' . 

It is clear that the 5-covering length of the word g{s') is at most that of the 
word s. 
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We show then that the /I'-covering length of s' is at most the (/-covering length 
of g{s'). For this, it is sufficient to show that for all prefixes g'{y') of g{w'), for 
which g'(w') > h'(y') and h'{y') = g'{z') for some z', there corresponds a word 
y such that g{y) is a prefix of g{w), h{w) > g{y) and g{y) = h{z) for some z. 

Let then y' and z' be as stated in the above. Now z' = w'x' for some word 
x', where x' < s'. We have g{g'{z')) = g{g' (w')g' {x')) < g{g'{w')s') = g{w). 
Also, g{g'{z')) = h{h'{z')) = h{h' {w'))h{h' {x)) = h{w)h{h'{x)), and therefore 
h{w) < g{g'{z')). Since g{g'{z')) = h{h'{z)), the word y = h'{z) satisfies the 
requirement, see Figure |21 
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h'{y') 
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Figure 2. Relation between g(s') and s' 



So we have proved that the /I'-covering length of s' is at most the (/-covering 
length of s. □ 

The previous lemma gives us a tool for recognizing instances which are not 
in the branch of minimal solutions. Let Ig be a cycling instance with loop length 
d and consider all the instances Id found by the first d reductions. If Ig has a 
solution then there is a unique / S Id in the branch of the minimal solutions. 

Let M be the maximal g- or /i-covering length of all the end words si and S 2 
in Id- It now follows by Lemma M that in the branch of the minimal solutions 
the gi or ft,i-covering length is always less than or equal to M. For a sequence of 
cycling instances, the suffix complexity is constant (j(/g) and since the blocks of 
an instance I are the images of the successor I+i, the block length can never 
be more than CT(/g) -I- 1. By the previous lemma we have 

Corollary 2. Let /g, . . . , 7j, . . . be the branch of the minimal solutions of a 
cycling instance with loop length d. For each i > d, the end words of It are not 
longer M{a{I) + 1). 

Now we are ready to prove the Theorem ^ 

Proof of Theorem^ It remains to be shown how to solve the marked GPCP 
for the cycling instances Ig. A cycling instance has the blocks for all the letters. In 
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particular, there are no extendible end blocks and only finitely many successors. 
The successor relation naturally defines a tree T having /q as the root, all the 
successors of /q as the vertices and the pairs { 1 , 1 ') as the edges. 

The decision procedure is based on constructing T partially by first inserting 
the vertices having depth (the distance from the root) at most d and then com- 
puting the number M, the maximal covering length of the end words of instances 
at the depth d. For all vertices we check whether there is an end block {u, v) G 
such that u = as in Lemma GH And for all vertices I = (#, h,g, (si, S2)) that 
have S1S2 = e, we can always decide if they have a solution or not. If some such 
vertex I has no solution, then / and all the successors of I can be removed. On 
the other hand, if some such I has a solution, then /q also has a solution and 
the procedure may stop. 

For the vertices having depth greater than d, the (partial) construction of T 
is more specific: Only the successors I = (#, /i, g, (si, S2)) that satisfy |siS2| < 
M{a{Io) + 1 ) are inserted. By Corollary El the branch of minimal solutions is 
included in the partial construction. 

But now there are only finitely many instances to be inserted, so each path 
(successor sequence) in the partially constructed E will eventually contain an 
instance twice, thus Iq has no solution by Lemma El unless some vertex I = 
(#, h, g, (e, s)) has or at some vertex (u, u) G E^. □ 

In Q Ehrenfeucht, Karhumaki and Rozenberg proved that the binary PCP, 
i.e. for the instances (h,g), where h,g: A* — >■ B* and |A| = 2 , is decidable 
if and only if the binary GPCP is decidable for marked morphisms. Therefore 
Theorem Q has the following corollary. 

Corollary 3. The binary PCP is decidable. 
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Abstract. In this paper, we investigate time-constrnctible functions in 
one-dimensional cellnlar automata (CA). It is shown that (i) if a func- 
tion t{n) is computable by an 0{t{n) — n)-time Turing machine, then 
t{n) is time-constructible by CA and (ii) if two functions are time- 
constructible by CA, then the sum, product, and exponential functions 
of them are time-constructible by CA. As an example for which time- 
constructible functions are required, we present a time- hierarchy theorem 
based on CA. It is shown that if ti(n) and t 2 {n) are time-constructible 
functions such that limn-»oo = 0, then there is a language which can 
be recognized by a CA in t 2 (n) time but not by any CA in ti(n) time. 



1 Introduction 



One of the simplest models of parallel computation is cellular automata (CA). 
A CA is a one-dimensional array of identical finite-state automata, called cells, 
which are uniformly interconnected. Every cell operates synchronously at di- 
screte time steps and changes its state depending on the previous states of itself 
and its neighbors. 

Various algorithms have been designed on CA: For example. Cole pre- 
sented real-time recognition algorithms for concrete languages, including palin- 
dromes and the set of strings of the form ww. Korec designed real-time 

algorithms for generating primes. Mazoyer and Terrier PI considered signals and 
investigated constructibility of functions, such as k^, ki + 
and i\, where A: > 0 is an integer and f = 0,l,2,---. Also, Buchholz and Kutrib |2j 
investigated constructibility of functions in one-way CA, in which information 
is allowed to move in one direction. (More information on CA-algorithms may 
be found in [I I I3lbl9l 1 1 )l I 31 1 71 1 81 1 9l2llj . 1 

In this paper, we continue the study of constructible functions, started by 
Mazoyer and Terrier PI. We show that if a function t{n) is computable by 
an 0{t{n) — n)-time Turing machine (TM), then t{n) is constructible by CA. 
Since the set of computable functions by TMs is known to be very rich |S|, 
most common functions are constructible by CA. The set of CA-constructible 
functions includes cn^ , n-l-log'^ n, nlog® n, n(loglogn)'*, etc., where c > 1, r > 1, 
and s > 0 are rational constants. Furthermore, we show that if functions f{n) > 
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n and g{n) > n are constructible by CA, then /(n) -I- g{n) — n > n, [/(n) • 
g(n)/n\ > n, g{n}^^^\ etc. are constructible by CA. (Of course, f{n)+g{n) > 2n 
and f{n) ■ g{n) > are also constructible.) 

As an example for which constructible functions are required, we present a 
time-hierarchy theorem based on CA. It is shown that if ti(n) and t 2 {n) are 
constructible functions such that lim„_,.oo = 0, then there is a language 
which can be recognized by a CA in t 2 {n) time but not by any CA in ti(n) time. 
Therefore, a slight increase in the growth rate of a time-function yields a new 
CA-based complexity class. 

The first general investigation of constructibility of functions was given 
in m The model in m is the so-called impulse cellular automaton, which 
is a semi-infinite array (with left boundary) of cells such that, at initial time, all 
cells are in the quiescent state except the leftmost cell is in a distinguished state. 
On this model, Mazoyer and Terrier presented signals which reach the leftmost 
cell at time -|- -|- [logiJ,d, etc., where fc > 0 is an integer and 

1 = 0, 1, 2, • • •. Our model is essentially the same model as P!; however, in order 
to present a hierarchy of languages recognized by CA, our model is defined as a 
string acceptor. In our model, the input string ai 02 • • • fln is fed serially to the 
leftmost cell. We consider constructibility of functions t{n) in the sense that the 
leftmost cell falls into an accepting state at time t{n). 

A bounded CA, which is a finite array (delimited by special cell # at both 
ends) of n cells, is another common model for cellular acceptors. All results 
in this paper concerning constructible functions hold even if the model is a 
bounded CA. Buchholz and Kutrib |2| used a bounded CA and investigated 
constructibility of functions under the condition that information is allowed to 
move in one direction (called one-way CA, OCA). They showed that the set 
of OCA-constructible functions includes fc, kn, kn + n + [lognj, and 

2n -|- [log lognj, where k is an integer. They also showed that for any integer k, 
there is an OCA-constructible function in 0{n^). However, whether (fc > 2) 
is OCA-constructible remains an open problem. 

For the time-complexity class of n-time OCA, several separation results have 
been known. It was shown that one-letter languages {0^| p is prime} [7| and 
{0^ I i is integer} g] can be recognized by 0(n)-time OCA but not by any n- 
time OCA. Terrier ^ showed that the class of languages accepted by n-time 
OCA is not closed under concatenation; in the proof, a language recognized by 
0(n)-time OCA but not by n-time OCA is presented. 

In the following section, we give the definition of CA. Main theorems are 
summarized in Section 0 The proofs are given in Sections 111 and 0 

2 Cellular Automata 

A cellular automaton (CA) is a synchronous highly parallel string acceptor, con- 
sisting of a one-dimensional semi-infinite array (with left boundary) of identical 
finite-state automata, called cells, which are uniformly interconnected (Fig. 1). 

A cellular automaton M is a 6-tuple M = {Q, S, #, 6, q, Qa), where 
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C] Cl C3 C4 



Fig. 1. Cellular automaton 



(1) Q is the finite nonempty set of cell states, 

(2) 27 is the finite input alphabet, 

(3) # is the special boundary symbol not in 27, 

(4) (5 : Q U 27 U {#} x Q x Q ^ Q is the local transition function, 

(5) q is the quiescent state such that S{q, q, q) — q, 

(6) Qa is the accepting subset of Q. 

Ci denotes the cell assigned to the integer j > 1. At step t = 0, the state of 
each cell is the quiescent state. The input string 0102 • • • a„, where € 27, is fed 
serially to the leftmost cell Ci. The symbol Ui, 1 < i < n, is received by the cell C\ 
at step i — 1. After step n — 1, it receives the boundary symbol #. The leftmost 
cell C\ is called the accepting cell. A parallel time-complexity measure t(n) is 
introduced as the number of steps used to make the accepting cell fall into an 
accepting state on an input of length n. A function t(n) is said to be constructible 
if, for each n, there is a CA whose accepting cell falls into an accepting state at 
step t{n) on all inputs of length n. 

3 Main Results 

It is known that the set of functions computable by TMs is very rich. Thus, we 
first show the relation between TM-computability and CA-constructibility. Let 
bin{n) denote the binary representation of the value n. 

Theorem 1. Suppose that t{n) is an arbitrary function such that there is 
a TM which, given a string bin(n) of length [logn], generates bin{t(n)) in 
time 0{t{n) — n). Then, the function t{n) is constructible by CA. 

The proof of Theorem Q] is given in Section 0 This theorem implies that 
the set of functions constructible by CA includes functions computable by 
polynomial-time TMs. 

Corollary 1. Suppose that t{n) is an arbitrary function such that (i) t{n) > cn 
for some constant c > 1 and (ii) there is a TM which, given a string bin(n) 
of length [logn], generates bin(t(n)) in time polynomial in logn. Then, the 
function t{n) is constructible by CA. 

The set of constructible functions includes cn’’, n + log^ n, nlog^ n, 
n(loglogn)®, etc., where c > 1, r > 1, and s > 0 are rational constants. Furt- 
hermore, we show that if two functions are constructible by CA, then the sum, 
product, and exponential functions of them are constructible. 
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Theorem 2. (i) If n + f(n) and n + g{n) are constructihle, then n + f{n) + g{n) 
and n + f(n) ■ g(n) are constructihle. (ii) If n ■ f (n) andn-g(n) are constructihle 
functions not hounded hy (1 -I- o(l))n, then [n ■ f{n) ■ g{n)\ is constructihle. 
(Hi) If f{n) and g{n) are constructihle and k is an integer, then g{n)^ , 

and are constructihle. 



Remark 1. It is possible to show that if f{n) > n and g(n) > n are constructihle, 
then f{n) + g(n) (> 2n) and f{n) ■ g{n) (> n^) are constructihle. Constructihle 
functions in (i) and (ii) of Theorem El include functions below 2n and n^, res- 
pectively. 

We prove Theorem El in Section El A typical example for which constructihle 
functions are required is a time-hierarchy theorem. We show that a slight increase 
in the growth rate of a time-function yields a new CA-based complexity class. 

Theorem 3. Suppose that ti(n) and t 2 {n) are constructihle functions such that 
lim„_>oo = 0. Then, there is a language which can he recognized hy a CA in 
t 2 {n) time hut not hy any CA in ti{n) time. 

The proof of Theorem 0 is given in Sectional 

4 Time Constructibilities of Functions 

4.1 Data Structures 

In this section, we investigate constructibility of functions in cellular automata. 
Our strategy is not based on signals. We compute the value of a function in 
binary, and terminate the machine at the time specified by the value. We use 
the following data structure. 

Each cell of CA is divided into tracks. The states of the first and second tracks 
in the fth cell are denoted by Ci and hi, respectively, where Ci € { — 1,0,1} and 
hi G {0, 1}. (If the fth cell is in the quiescent state, Ci and hi are regarded as 0.) 
We represent a single value v using the first and second tracks. Configurations, 
say, B — 6162 ■ ■ - hi - ■ ■ and C = C\C 2 ■ ■ ■ Cf ■ represent value v if 

00 00 

i=l i=l 

Intuitively, each Ci plays a role as a carry bit. For example. 



C = 01010000--- .. 

B=10110000--- 

represent value 33. The pair of tracks is called the counter. The counter is said to 
be stable if Cj = 0 for all * > 1. The counter changes its configuration towards a 
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stable one. That is, transition rules for the first and second tracks are as follows: 







(b)5 

(e)<5 



1 * * \ 

* 1 * j ^ 



1 * * \ 
* 0 * y 







(c)<5 



0 * 

* 1 * y 



(f)5 



0 * * \ 
* 0 * y 




Here, $ G H U {#} and * G {0)1}- For example, the above configuration (0 
changes towards a stable one as follows: 



$010100 $001000 $000100 $000010 $000000 
$101100 ^ $100110 ^ $ 100010 ^ $ 100000 ^ $100001 



Each of the five pairs represents the same value 33. 



4.2 Storing Value n into a Counter in n Steps 

Lemma 1. Wt can store the value n of the input length into the counter in 
n steps. 



Proof. Let M be a CA. Each cell of M is divided into three tracks. The first and 
second tracks are the counter. The third track is used for indicating the right- 
most 1 in the counter (which we need in Lemma|3) . M changes its configuration 
according to the following rules: 



(a’) <5 
(d’)<5 
is)s 



#1*; 



-> 






a * 

a I * J 




{h)S 

{e)S 

{h)S 



1 !|! !|! \ 

* 1 * y 






1 * * \ 

> 1 = 0 * y 






a * * 
a 0 >1= 







(c)5 

(f)(5 



0 >1= >1= \ 
* 1 * y 



0 * * \ 

>1= 0 >1= y ^ 




Here, a £ S and * G {0,1}. Note that rules (a) and (d) are replaced by (a’), 
(d’), (g), and (h). 

We give an example for an input string 0102 - --ae G S* . At step 6, the 
value in the counter becomes 6. The configuration of the counter changes until 
it becomes a stable one (but the value 6 does not change). 



ttiOOOOOO-- 

aiOOOOOO" 

aslOOOOO-- 

agOlOOOO-- 



O2000000 • • 

a2l00000-- 

aeOlOOOO-- 

aelOOOOO" 



aglOOOOO- • 
a3000000•• 

#100000 •• 
#001000•• 



O4000000 • • • 

04110000- •• 

#000000 • • • 
# 011000 - •• 



Lemma 2. Suppose the counter contains the value v. We can decrease the value 
in the counter one by one from v to 0 in v steps. 
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Proof. We replace rules (a),(d) in Section EH bv (a”),(d”), and add rules (i),(j). 



(a”) <5 

(d”) -5 




{ 1)6 



— 1 * * \ 
* 1 * y 








(c) 6 
{i)S 



0 * * \ 

* 1 * y 

0 * * \ 

* 0 * y 




Here, $ G EVJ{ff} and * G {—1, 0, 1}. The following example for u = 12 illustrates 
the proof. (Here, we use the symbol 1 instead of —1.) Recall that one of the tracks 
is used for indicating the rightmost 1 in the counter (see Lemma P). When the 
rightmost 1 reaches the left end, we use rules (a),(d) instead of (a”),(d”). 



$110000 


$111000 


$010000 


$ 100000 


$ 000000 


$011000 ^ 


$ 100000 ^ 


$011100 ^ 


$110100 ^ 


$000100 


$100000 


$ OTOOOO 


$T0T000 


$000000 


$100000 


$100100 ^ 


$010100 ^ 


$111100 ^ 


$001000 ^ 


$ 101000 


$ OTOOOO 


$100000 


$ 000000 






$011000 ^ 


$110000 ^ 


$ 000000 







4.3 CA-Constructibility of Functions 

Now we are ready to give the proof of Theorem For simplicity, we first prove 
Corollary [0 in this section. Then, we extend the proof to the general case in 
Section H.41 

Suppose that t{n) is a function such that there is a TM which, given a string 
bin{n) of length [logn], generates bin{t{n)) in time polynomial in logn. We 
construct a CA M whose accepting cell falls into an accepting state at step t{n). 

For simplicity, we assume t{n) > 2n. The case where t{n) = cn for 1 < c < 2 is 
considered in Section^31 We divide t{n) steps into \ t{n)/n\ stages of n steps and 
the remaining x steps, where t{n) = \ t{n)/n\ ■ n + x. Each cell of M is divided 
into tracks in order to use counters. In the first stage, M uses the algorithm 
given in Lemma ^ namely, M stores the value n into a counter in n steps. 
This counter is used for counting the n steps of the second stage. In the second 
stage, M also generates the values of \t{n)/n\ — 2 and x in some tracks by 
simulating TMs computing \ t{n)/n\ —2 and x. (Since t{n) is computable in time 
polynomial in logn, so are \t{n)/n\ — 2 and x. These polylog-time procedures 
can be done in the n steps of the second stage because of the linear speed- 
up theorem US!-) Therefore, at step 2n, M has values n, \ t{n)/n\ — 2, and x. 
M counts from n to 0, \t{n)/n\ — 2 times (which consumes n x ([f(n)/nj — 2) 
steps). Finally, M counts x. Hence, the accepting cell can fall into an accepting 
state at step t{n) = 2n+ {[t{n)/n\ — 2)n + x. 
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In order to count n repeatedly, M uses three counters, say, CTi, CT 2 , 
and CT3. CT 2 and CT 3 are used alternately; while CT3 (resp. CT 2 ) is coun- 
ting n steps, M copies the value n in CTi into CT 2 (resp. CT 3 ). This completes 
the proof of Corollary 



4.4 Extension to the General Case 

In this section, we give the proof of Theorem 01 Suppose that t{n) is a function 
such that there is a TM which, given a string hin(n), generates bin(t(n)) in 
time 0{t{n) — n). We construct a CA M whose accepting cell falls into an 
accepting state at step t{n). We divide t{n) steps into three stages. In the first 
stage, M stores the value n into counters in n steps as in Section ITTH 

The second stage is further divided into sub-stages. In the first sub-stage, 
M executes the following (i) and (ii) simultaneously: (i) M generates the va- 
lue t{n) by simulating a TM computing t(n). By assumption, this can be done 
in (f(n) — n)jc steps for constant c. Then M computes t(n) — n in time 0(log n), 
which is bounded by 0{t{n) — n) because the input of the 0{t{n) — n)-time TM 
computing t{n) has length [logn]. (ii) M counts the number, say, Ui, of steps 
of the first sub-stage. When the first sub-stage is finished (i.e., at step n-\- m), 
M has the value t{n) — n. In the second sub-stage, M computes t{n) — n — u\ 
by simulating a TM, while M counts the number, say, M 2 , of steps of the second 
sub-stage. Thus, at step n -I- mi -I- M 2 and M has the value t{n) — n — u\. The 
value t{n) — n — ui can be computed in O(logMi) steps because Mi is represen- 
ted in binary. Similarly, in the third sub-stage, M computes t{n) — n — u\ — U 2 
in 0 (logM 2 ) steps (= O(loglogMi) steps), and counts M 3 . Continuing this pro- 
cedure until the number, say, ui, of steps of the /th sub-stage is m/ = 1. At 
the end of the Zth sub-stage (i.e., at step n -I- mi -I- M 2 -I- • • • -I- mj), M has the 
value t{n) — n — u\ — U 2 — ■ ■ ■ — ui-\. 

In the third stage, M uses the algorithm given in Lemma 0 the value t{n) — 
n — u\ — ■ ■ ■ — ui-i is decreased one by one. When the value becomes 1 (at 
step t{n)), M makes the accepting cell fall into an accepting state. 

It should be noted that the value t{n) — n—ui -—ui-i is larger than 0 if the 

value t{n)—n can be generated in time mi = {t{n) — n)/c for a sufficiently large c. 
The remaining M 2 , M 3 , ... , mj_i are much smaller than mi, since Ui = 0(log Ui-i) 
foY 2 < i < I — 1. This completes the proof of Theorem ^ 

5 Constructibilities of / + f • g, and 

5.1 Constructibility of f{n) + g{n) 

Suppose that functions n-\- f{n) and n-\- g{n) are const ructible. We construct a 
CA M whose accepting cell falls into an accepting state at step n-\- f{n) -I- g{n). 
Without loss of generality, we assume f{n) < g{n). 

Each cell of M is divided into tracks. M executes the following (i) and (ii) 
simultaneously: (i) M simulates two CAs whose accepting cells fall into accepting 
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states at step n + g{n) and at step n + f{n), respectively, (ii) At step n, M starts 
to count the number of steps. At step n + f{n), the value becomes f{n). At 
step n + g{n), M starts to decrease the value /(n) one by one. When the value 
becomes 0 (at step n + f{n) -I- g(n)), M makes the accepting cell fall into an 
accepting state. 

5.2 Constructibility of /(n) • g{n) 

Construction from n + /(n) and n + g{n): Suppose that functions n+ f{n) 
and n + g{n) are constructible by CA. We construct a CA M whose accepting 
cell falls into an accepting state at step n+f{n) ■g{n). Since n+f{n) and n+g{n) 
are constructible, the values f{n) and g{n) are integers for all n. Without loss 
of generality, we assume f{n) < g{n) and /(n) > 1 . 

From step 0 to step n + g{n)^ M generates the values /(n), g{n), and n + g{n) 
in counters in a manner similar to Section o M decreases the value from g{n) 
to 0, (f{n) — 1) times. By this procedure, M consumes g{n) x (/(n) — 1) steps, 
and thus it is now at step n -|- f{n) ■ g{n) = (n + g{n)) + g{n) x (/(n) — 1 ). 
M makes the accepting cell fall into an accepting state. 

Construction from n • f{n) and n • g{n): Suppose that functions n • f{n) 
and n- g{n) are constructible by CA. We construct a CA M whose accepting cell 
falls into an accepting state at step [n • f{n) ■ g{n)\. Without loss of generality, 
we assume /(n) < g(n). Since n ■ f(n) and n ■ g{n) are constructible functions, 
the values of them are integers for all n. However, the value f{n) or g(n) may 
not be an integer. Since n ■ f{n) is not bounded by (1-1- o(l))n, f{n) > 1 -I- e for 
some constant e > 0 . 

From step 0 to step n ■ g{n), M generates the values n ■ f(n) and n • g{n). 
M executes the following procedures (i) and (ii) simultaneously, (i) M counts 
the number, say, ui, of steps required for (ii). (ii) As in Section l4.;-it M computes 
the value [(n^ • f{n) ■ g{n))/n\ —n-g{n) (by simulating a TM). Thus, at step n- 
g{n) + ui, M has the value [n • f{n) ■ g{n)\ — n ■ g{n). Then, M computes 
[n • /(n) • g{n)\ — n ■ g(ji) — ui, while M counts the number, say, M 2 , of steps 
required for this procedure. Continuing this procedure until M has the value [n- 
/(n) • g{n)\ — n ■ g(n) — ui — ■ ■ ■ — ui-i at step n • g{n) + u\ + ■ ■ ■ + ui, where 
ui = 1. M decreases this value one by one. When the value becomes 1 (i.e., at 
step [n • f{n) ■ g(n)J), M makes the accepting cell fall into an accepting state. 

It remains to show that [n • /(n) • g{n)\ — n ■ g(n) — ui — ■ ■ ■ — ui-i > 0. It 
is clear that [n ■ f{n) ■ g{n)\ — n ■ g{n) > en ■ g{n) — 1, since /(n) > 1 -|- e. The 
value [(n^ • /(n) • g{n)) /n\ — n ■ g{n) can be computed in m = 0 (log^(n • g(n))), 
which is smaller than en ■ g(n) — 1. The remaining M 2 , M 3 , . . . , u;_i are much 
smaller than u±, since Ui = 0(logUi-i) for 2 < i < I — 1. 

5.3 Constructibility of 

Suppose that functions /(n) and g{n) are constructible by CA. We construct a 
CA M whose accepting cell falls into an accepting state at step g{n)^^'^\ (The 
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proofs of constructibility of and g{n)^ are omitted, since they are analogous 
to 

M executes the following procedures (i) and (ii) simultaneously, (i) M 
counts the number, say, u\, of steps required for (ii). (ii) M generates the va- 
lues f{n) and g{n); then, M computes g(n)-^^"^ by simulating a TM working in 
0{f{nY log^ g{n)) time. By this procedure, M has the value g(n)-^^”^ at step ui. 
In the same technique as above, M has the value (/(n)-^(”) — ui — • • • — ui-\ at 
step u\ + ■ ■ ■ + ui, where ui = 1. M decreases this value one by one. When the 
value becomes 1 (i.e., at step (/(n)^^"^), M makes the accepting cell fall into an 
accepting state. 

6 Time Hierarchies of Cellular Automata 

The proof is by diagonalization. We construct a f2(fi)-time CA M recognizing 
a language L(ti{n)) which cannot be recognized by any ti(n)-time CA. First of 
all, we fix the encoding rule of CA. 

6.1 Encoding Rule of CA 

All languages in this section are over {0, 1}. We denote the states of CA 
by For simplicity, we assume that q\ is the unique accepting 

state and <72 is the quiescent state. State Qi is encoded into string 10* of 
length z -I- 1. For example, we encode a transition rule, ^(93,(75,92) = 94, into 
string 100010000010010000. The encoding of a CA, called the encoding se- 
quence, is a concatenation of the encodings of the transition rules. The enco- 
ding sequence is followed by a sufficiently long string y = 1100- • • 0, called the 
padding sequence. The prefix 11 of the padding sequence indicates the bound- 
ary between encoding and padding sequences. Let ■0(n) be a function defined 
as ■0(n) = {\t 2 {n)/ti{n)\Y/^ . Note that ip{n) ^ 0(1). (The reason why we 
define such a function is given later.) The condition for y is |x| < z/’(|a;j/|). 
For any encoding sequence x, there are an infinite number of strings xy such 
that |x| < %p{\xy\). 

Let Mx denote the CA whose encoding sequence is a;. If x is not a proper 
encoding sequence, we regard as a CA accepting 0. The language L{ti{n)) 

is defined as {xy | does not accept xy within time ti(|xy|)}. 

Lemma 3. Any CA cannot accept the language L{t\{n)) in time t\{n). 

Proof. Assume for contradiction that there exists a CA, say, Mj,, which can 
accept L{ti{n)) within ti(rz) steps. Consider a string xy, where x is the encoding 
sequence of and 77 is a sufficiently long padding sequence. If xy is given to 
as an input, the following (i) or (ii) must be true: (i) does not accept xy 
within ti{\xy\) steps, (ii) accepts xy within t\{\xy\) steps. Suppose (i) is 
true. From the definition of L(ti{n)), xy belongs to L, which contradicts the 
assumption and (i). Suppose (ii) is true. Again, from the definition of L{ti{n)), 
xy does not belong to L, which contradicts the assumption and (ii). ■ 
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In the following section, we construct a CA M accepting L{ti{n)) in 
time t 2 {n). 



6.2 Constructing CA M Accepting L{t^{n)) 

Since the linear speed-up theorem holds for CA US], we construct an 0{t2{n))- 
time CA M . M accepts the input string if and only if the following conditions 
are met: (1) The tail of the input string is a padding sequence y = 1100- --O 
(i.e., the input string can be written as xy for some x S {0,1}*). (2) x is a 
proper encoding sequence of some CA, say, M^- (3) \x\ < tp{\xy\). (4) does 
not accept xy in time ti{n). 

In order to verify these conditions in parallel, each cell of M is divided into 
tracks. Verifying (1) in n steps is easy and is omitted. (2) Verifying whether 
the syntax of the encoding sequence is proper can be done by a single scan 
just as in finite automata. Therefore, M can verify conditions (1) and (2) in 
n steps. (3) The value of [t 2 {n)/ti{n)\ can be computed by counting how many 
times M can simulate a <i(n)-time CA during t 2 {n) steps. The value of tpin) = 
( [t 2 {n) /ti(n)J can be computed in time polynomial in log '0(n) by simulating 

a TM which computes the square root of a given value. If at least one of the 
three conditions is not satisfied, M simply rejects the input string. It remains to 
consider condition (4). 

In order to verify whether accepts xy within ti (n) steps, M simulates 
on input xy. First of all, M stores the input string xy of length n into cells 1 
through n. We denote the ith cell of by Si. Since M simulates ti{n) steps 
of Mx, M considers fi(n) cells of M^. These cells are simulated by M using 
|x| • ti{n) cells, where x is the encoding sequence of the input string. M divides 
|x| • ti{n) cells into blocks, say, Bi,B 2 , . . ., each of length |x|. M’s block Bi corre- 
sponds to Mx^s cell Si. Each block Bi is divided into two tracks in order to store x 
and the state of Si. Therefore, every block has all transition rules of Mx. Gene- 
rating such blocks in \x\-ti{n) cells can be done in time 0(ti(n)(V'(n))^). (Recall 
that |x| < '4>{n).) Thus, M can finish the above procedure in ti(n)(^/>(n))^ steps. 

At step ti(n)('0(n))^, M starts to simulates Mx on input xy. M’s computa- 
tion is divided into time-segments each of length 1. (I is fixed later.) A single step 
of Mx’s cell Si can be simulated by M’s block Bi in 0((^(n))^) steps, since each 
block has length tj}{n). If I is larger than c{ijj{n))‘^ for any large constant c, then 
M can simulate a single step of Mx in each time-segment. Therefore, I is defined 
as I = {ip{n))^ 2'tfj{n). The reason for the additive 2ip{n) is as follows. In or- 

der that every block starts each time-segment simultaneously, every block has a 
counter for counting {tp{n))^ steps (see Section ICT for a counter). At step {tp{n))^ 
in each time-segment, each block uses the firing squad synchronization algorithm 
so that every cell in the block simultaneously starts the simulation for the next 
time-segment, which requires additive 2^(n) steps. 

Since ti(n) is a constructive function, M can make ti(n)-step simulation 
of Mx. After the ti(n)th time-segment, M accepts the input string xy if and 
only if Mx does not. 
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The time-complexity of the above simulation is bounded by 0(ti(n)(f/'(n))^), 

which is less than t 2 {n) because 'ip{n) < {t 2 {n) . Therefore, M can 

accept L{ti{n)) in time t 2 {n). This completes the proof. 
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Abstract. The unique satisfiability problem, that asks whether there 
exists a unique solution to a given propositional formula, was extensively 
studied in the recent years. This paper presents a dichotomy theorem 
for the unique satisfiability problem, partitioning the instances of the 
problem between the polynomial-time solvable and coNP-hard cases. We 
notice that the additional knowledge of a model makes this problem 
coNP-complete. We compare the polynomial cases of unique satisfiability 
to the polynomial cases of the usual satisfiability problem and show that 
they are incomparable. This difference between the polynomial cases is 
partially due to the necessity to apply parsimonious reductions among 
the unique satisfiability problems to preserve the number of solutions. In 
particular, we notice that the unique not-all-equal satisfiability problem, 
where we ask whether there is a unique model such that each clause has 
at least one true literal and one false literal, is solvable in polynomial 
time. 



1 Introduction 

The satisfiability problem SAT of a propositional formula in conjunctive normal 
form is a well-known NP-complete problem. Schaefer analyzed the gene- 

ralized satisfiability problem, where each clause is represented by an arbitrary 
logical relation. He presented a Dichotomy Theorem for the generalized satisfiabi- 
lity problem, exhibiting conditions under which the problem is polynomial-time 
solvable, otherwise the problem is NP-complete. A similar dichotomy theorem 
was presented in irrrran] for the problem ^SAT of counting the number of mo- 
dels (i.e., truth assignments) of a propositional formula. In particular, Creignou 
and Hermann show that if a decision satisfiability problem is intractable (NP- 
complete) then the corresponding counting satisfiability problem is also intrac- 
table (#P-complete). 

The unique satisfiability problem unique sat is defined as follows: given 
a propositional formula, is it true that it has a unique model (i.e., a unique 
satisfying truth assignment)? UNIQUE SAT is known to be coNP-hard |H(I82j . 
but it is not known whether it is in coNP. This problem is known to be only in 
DP, the class of languages equal to an intersection of two languages, one from 
NP and the other from coNP. unique sat is therefore an intriguing problem 
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from the point of view of collapsing complexity classes (see |Pap94| , Chapter 17] 
or EMna). We associate to unique sat the problem another sat defined as 
follows: given a propositional formula (f> and a model m of </>, is it true that there 
exists another model of cj) different from ml It is clear that there is a certain 
relation between the two problems. If there is an instance of UNIQUE SAT that is 
true, then the corresponding instance of another sat must be false. Conversely, 
if an instance of another sat is true then the corresponding instance of UNIQUE 
SAT must be false. In this paper, we investigate the relation between unique 
SAT and ANOTHER SAT in terms of complexity. We study the polynomial-time 
solvable cases of both problems and compare it with the intractable cases. We 
also relate the intractable cases between the two problems. 

Several polynomial-time solvable cases of UNIQUE SAT were studied in the 
literature. Minoux m noticed that for any subclass of polynomial-time sol- 
vable instance of the satisfiability problem with constants, unique sat is also 
solvable in polynomial time. In particular, Hansen and Jaumard proposed 

a linear time unique sat algorithm for 2SAT formulas, whereas several efficient 
UNIQUE SAT algorithms for Horn formulas were presented in the papers |IVIinb‘2l 
IRFSfl5IPre93|. ranging from quadratic to linear time. It would be interesting to 
know whether the four polynomial cases of SAT (namely Horn, anti-Horn, affine, 
and 2SAT formulas) are the only polynomial cases of unique sat. Another 
interesting question is to know how the polynomial-time solvable cases of unique 
SAT and ANOTHER SAT relate to each other. 

Both problems unique sat and another sat involve some rudimentary 
counting. For this reason we cannot relate general unique satisfiability problems 
through ordinary polynomial many-one reductions. It is not enough to relate 
these problems through counting (sometimes also called weakly parsimonious) 
reductions (see Chapter 18], or for a definition). Roughly spea- 

king, a counting reduction R associates one solution of an input a; to a constant 
number of solutions of the instance R{x) . Hence, in general, a counting reduction 
may reduce an instance a; of a problem A with a unique solution to an instance 
R{x) of a problem B with more solutions. Therefore we need to apply only re- 
ductions that exactly preserve the number of solutions between instances of the 
problems unique sat and another sat, respectively. The number of solutions 
between instances is exactly preserved by the parsimonious reductions. Notice 
in this connection that it was not always possible to derive ^P-hardness lo- 
wer bounds for generalized satisfiability counting problems in using only 

parsimonious reductions. Creignou and Hermann were obliged to apply weakly 
parsimonious reductions in the presence of the so-called complementive formu- 
las. This indicates that complementive logical relations will be of special interest 
for the UNIQUE SAT and another sat problems. 

2 Preliminaries 

Let us recall some basic definitions and notions concerning complexity classes, 
reductions, and complete problems. More information can be found in the mono- 
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graphs khlYlHPa,rr94 |. Some parts of these preliminaries are taken from 
or and are quoted only for self-containment of the paper. 

We assume the knowledge of the following notions and notation. NP is the 
class of decision problems (languages) that can be solved in polynomial time 
by a nondeterministic Turing machine, coNP is the class of decision problems 
(languages) whose complements are in the class NP. For example, the problem 
SAT of deciding the satisfiability of a propositional formula in conjunctive normal 
form is in NP, whereas the UNSAT problem of deciding whether a propositional 
formula is unsatisfiable is in coNP. 

Let A and B be two decision problems (languages) . A polynomial-time many- 
one reduction from A to i? is a polynomial-time computable function R from 
string to strings, such that for all inputs x the following holds: x G Aif and only if 
R{x) G B. For our purposes we will need parsimonious reductions that preserve 
the number of solutions. A polynomial reduction R from A to S is parsimonious 
if, for all X G A, there is an equality between the number of solutions of x and 
R{x). In particular, if there is a unique solution of the instance a: of a problem A 
and there is a parsimonious reduction R from AtoB then the instance R{x) of 
the problem B has a unique solution, too. 

Let C be a complexity class. A decision problem A is C-hard if for all problems 
B G G there exists a polynomial-time reduction from B to A. If in addition A is 
a member of C, then we say that the problem A is C-complete. 

Let S = {i?i, . . . , Rm] be a finite set of logical relations. A logical relation is 
defined to be any subset of {0, 1}^ for some integer fc > 1. An iS-formula is any 
conjunction of clauses, each of the form Ri{v), where is a vector of not ne- 
cessarily distinct variables. We overload the symbol R for a logical relation and 
the corresponding formula. The unique S -satisfiability problem unique SAt(S') 
is the problem of deciding whether a given S'-formula has a unique model. The 
another S -model problem another SAt(S') is the problem of deciding whether 
a given S'-formula has another model different from a given model m. The pro- 
blems UNIQUE SATc(S) and ANOTHER SATc(S) are the variations of UNIQUE SAT 
and ANOTHER SAT, respectively, where the Boolean constants are allowed to 
occur in the formulas (e.g., R(x,0,z) is allowed). The problems UNIQUE 3sat and 
ANOTHER 3sat are the versions of UNIQUE SAT and another sat, respectively, 
where every clause of the propositional formula contains three literals. The main 
result of our paper characterizes the complexity of unique SAt(S) and another 
SAt(S) as properties of the logical relations in the set S. 

If a; is a variable, x denotes its negation. If <() is a formula, Var{(p) denotes the 
set of variables occurring in (j). We denote by Sat(^) the set of truth assignments 
(models) m: Var{(j>) — >■ {0, 1} that satisfy f. We denote a model m = (6i, . . . , 6„) 
as a string &i • • • of its concatenated values. Let m, mi, m 2 G Sat((/>) be models 
of the formula f. We define the following four operations on models: 

— TO is defined by m(x) = 1 iff to(x) = 0 and m(x) = 0 otherwise, 

— TO = TOi © m 2 ' m{x) = 1 iff mi(x) m 2 {x) and m{x) = 0 otherwise, 

— TO = TOi A m 2 '- m{x) = 1 iff TOi(a;) = m 2 {x) = 1 and m{x) = 0 otherwise, 

— TO = TOi V m 2 '- m{x) = 0 iff TOi(a;) = m 2 {x) = 0 and m{x) = 1 otherwise. 
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Two formulas (f> and ip are logically equivalent if and only if they have the 
same variable domains and their sets of models coincide. Two formulas p and ip 
are quasi-equivalent [t™i if and only if there exists a bijection between the 
sets Sat((/)) and Sa.t{ip), such that each pair of models m and m' in the bijec- 
tion coincides on the common variables of the formulas p and p, i.e, such that 
m{x) = m! {x) holds for every variable x € Var(p) fl Var(p). As a consequence, 
the sets of models Sat((/>) and Sat(p) have the same cardinality. The notion 
of quasi-equivalence is important in the presence of parsimonious and counting 
reductions, as it was shown in ICH2S1, since it preserves the number of solutions. 

If (/) is a formula, u is a variable, and I is a literal or a Boolean constant, then 
p[l/v] denotes the formula obtained from p by replacing each occurrence of v 
by 1. If y is a set of variables, then p[l/V] denotes the result of substituting I 
for every occurrence of each variable in V. We denote by \p] the logical relation 
defined by the formula p, when the variables are taken in lexicographic order. 
The relation l-in-3 is the logical relation {001,010, 100}. 

The set of quasi-equivalent S'-formulas with constants, Qen{S), is the smallest 
set of formulas such that 

— for all logical relations R £ S and all vectors of variables v, R{v) G Qen(S), 

— for all formulas p,p £ Qen{S) and all variables x, y, the following formulas 
are all in Qen{S): pAp, p[y/x], (^[0/x], ^[1/x], and 

— if p £ Qen{S) and p is quasi-equivalent to p then also p £ Qen{S). 

Hence, Qen{S) is the smallest set of quasi-equivalent S'-formulas closed under 
conjunction, renaming, and substitution by a Boolean constant, whereas QenpS) 
is the smallest set of quasi-equivalent S-formulas closed under conjunction, ren- 
aming, and substitution by the Boolean constant h. The set of quasi-equivalent 
S-formulas without Boolean constants is denoted by Gennc(S). 

We define the set of all relations representable by quasi-equivalent S-formulas 
with Boolean constants as TZep{S) = {[p] \ p G Gen{S)} and the set of all 
relations representable by quasi-equivalent S-formulas without Boolean constants 
as TZepnc{S) = {[^] | p G Gennc{S)}. TZepb{S) is the set of all relations that are 
representable by quasi-equivalent S'-formulas with the Boolean constant b only. 

We adopt the usual syntactic characterization of logical relations and formu- 
las. A Horn formula is a formula in conjunctive normal form with at most one 
positive literal per clause. Dually, an anti-Horn formula is a formula in conjunc- 
tive normal form with at most one negative literal per clause. A fc-CNF formula, 
for a positive integer k, is a propositional formula in conjunctive normal form 
with k literals per clause. We say that a logical relation R is 

— 0- valid if (0 • • • 0) £ R, 1- valid if (1 • • • 1) G S; 

— Horn if R{v) is logically equivalent to a Horn formula, anti-Horn if R{v) 
is logically equivalent to an anti-Horn formula; 

— afRne if the formula R{v) is logically equivalent to a system of linear equa- 
tions over the smallest Boolean ring Z 2 ; 

— 2SAT if the formula R{v) is logically equivalent to a 2-CNF formula; 

— complementive if for every model (oi ■ ■ ■ Un) £ R there exists the comple- 
mentary model (1 — oi • • • 1 — a„) G R. 
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3 General Unique Satisfiability Problem 

Theorem 1 (Dichotomy Theorem). Let S be a finite set of logical relations. 
If S satisfies one of the conditions m to below, then another sat(5') and 
UNIQUE SAt(S') are polynomial-time solvable. Otherwise, another SAt(S') is 
NP-complete and unique SAt(S') is coNP-hard. 

1 . Every relation in S is 0 -valid and 1 -valid. 

2 . Every relation in S is complementive. 

3 . Every relation in S is Horn. 

4 -. Every relation in S is anti-Horn. 

5 . Every relation in S is affine. 

6. Every relation in S is 2 SAT. 

Notice that unique SAt(S') becomes coNP-complete if either every relation in S 
is 0-valid or every relation in S is 1-valid, since then it can be expressed as 
the complement of the problem another SAt(S') with the given model 0 • • • 0 
or 1 • • • 1, respectively. This result can be generalized to an arbitrary model. 
The problem UNIQUE SAT (S') with the additional information that there exists 
a model is just the complement of the problem another SAt(S), and therefore 
it is coNP-complete. 

Notice also that the problem unique not-ALL-equal sat, asking whether 
there is a unique model, such that in no clause are all literals evaluated to the 
same Boolean constant (i.e., (0 • • • 0) and (1 • • • 1) are excluded), is polynomial- 
time solvable, since the relation nae = {001,010,011,100,101,110} is comple- 
mentive. Indeed, if m is a model of a complementive formula f then also the 
dual m is a model of tp. Hence, a complementive formula has never an odd number 
of models. On the other hand, recall that the satisfiability problem NOT-ALL- 
EQUAL SAT is NP-complete. 

The rest of the paper is devoted to the proof of the Dichotomy Theorem for 
UNIQUE sat(5) and another sat(S'). 

Proposition 1 . Let S be a finite set of logical relations. If S satisfies one of the 
conditions to of Theorem^ then IZepb(S) satisfies the same condition. 
Otherwise, IZepb(S) is the set of all logical relations. 

The proof of this proposition requires several intermediate results. 

First, we need a tool for detecting the polynomial cases. See or irrmni 

for details. 

Proposition 2 . Let R be a logical relation and let p = R{v) be the correspon- 
ding formula. Then 

— R is Horn iff mi, m2 G Sat(())) implies (mi A m2) € Sat(<()); 

— R is anti-Horn iff mi,m2 G Sat(())) implies {mi V m2) € Sat(<()); 

— R is affine iff mi, m2, m3 € Sat(c(i) implies {mi © m2 © m3) G Sat(i^); 

— R is 2 S AT iff mi, m2, m3 G Sat(())) implies {miV m2) A{m2V m3) A{m3\/mi) G 
Sat(^) . 
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Lemma 1. Let R be a logical relation. If R is not Horn then the set TZepb{{R}) 
contains the relations [x ^ y] or [xVy] for each b € {0, 1}. If R is not anti-Horn 
then 'Repb{{R}) contains the relations [a; ^ y] or [x V y] for each b G {0, 1}. 

Proof. We do the proof only for the case of R not being Horn and 6 = 0. The 
proof of the other cases is similar. 

Let i? be a logical relation which is not Horn and let cj> = R{v) he the corre- 
sponding formula. We show that TZepo{{R}) H {[a: ^ y], [x V y]} ^ 0. Following 
Proposition 0 there exist two models mi, m 2 G Sat(0) such that (mi A m 2 ) ^ 
Sat((()). Moreover, we have that mi 7 ^ (0 • • • 0) (since (0 • • • 0) A m 2 = (0 • • • 0) G 
Sat((())), mi 7 ^ (1 • • • 1) (since (1 • • • 1) A m 2 = m 2 G Sat(c^)), mi 7 ^ m 2 (since it 
would imply mi A m 2 = mi G Sat(</))), and there exists a variable x G Var((j)) 
such that mi{x) = 1 and m 2 {x) = 0 (otherwise we get mi A m 2 = mi G Sat(</))). 
Symmetrically, we have that m 2 7 ^ (0 • • • 0), m 2 7 ^ (1 • • • 1), and there exists a 
variable y G Var{<f>) such that m 2 (y) = 1 and mi(y) = 0. 

Construct a new formula if = </>[0/Vb, x/14, y/Py] where Pq = {u G Var{(f) \ 
mi{v) = 0 A m 2 (u) = 0}, Vx = {v G Var{cf) \ mi{v) = 1}, and Vy = {v G 
Var{(f) I mi(u) = 0 A m 2 {v) = 1}. The sets Vx and Vy are nonempty, hence the 
formula if contains both variables x and y. It is clear that Vq, Vx, and Vy are 
disjoint and Pq U Pa, U Py = Var{(f). Clearly, [if] G TZepo{{R}). The relation [if] 
contains 01 and 10 but it does not contain 00. Hence, the relation [if] is either 
[if] = {01, 10} = [x ^ y] or [if] = (01, 10, 11} = [a: V y], depending on whether 
[if] contains 11 or not. □ 

Corollary 1. If S contains some relation which is not Horn and some relation 
which is not anti-Horn then TZepb(S) contains the relation [x ^ y]. 

Proof. Let i?i G S' be a non-Horn relation. Then TZepb{{Ri}) H {[x ^ y], [x V 
y]} 7 ^ 0 following Lemmas Let i ?2 G S be a non anti-Horn relation. Similarly, 
7 ^epf,({i? 2 }) n {[a; ^ y], V y]} 7 ^ 0. 

Assume that [a; ^ y] ^ TZepb{S) holds. Then both relations [a: V y] and 
[x V y] are included in TZepb{S). Therefore TZepb(S) contains also the relation 
[(a; V y) A (a; V y)] = [a; ^ y], contradiction. Hence TZepb{S) contains [x ^ y]. □ 

Lemma 2 (Negated Substitution). Let the relation [x ^ y] be included in 
TZepb(S). If a formula (f belongs to Qenb{S) and u, v are variables, then the 
formula <p[u/v] is contained in the set Qenb{S), too. 

Proof. By assumption, there exists a formula in Qenb{S) logically equivalent to 
X ^ y, therefore we can construct the formula cf[u' /v] A {u' ^ u). The formulas 
(f[u/v] and <f[u' /v] A {u' ^ u) are quasi-equivalent, when u' is a new variable not 
occurring in <f. □ 

Lemma 3 f |CH96] L Let R be a non-affine relation. Then 'Rep{{R, [x ^ y]}) 
contains the relations [x V y], [x V y], [x V y], and [x V y]. 

Let R be a b-valid and non-affine relation. Then the set TZepb{{R}) contains 
the relations [x V y], [x V y], [x V y], and [x V y] . 
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Lemma 4. Let R he a non-2SAT relation. Then the relation l-in-3 is contained 
in Tlepb{{R, [x ^ y], [a; V y]}). 

Proof. We do the proof only for 6=0, the proof for 6 = 1 is similar. 

Let i? be a non-2SAT logical relation and let (p = R{v) be the corresponding 
formula. Following Proposition 0, there exist three models mi, m 2 , m 3 € Sat((/)) 
such that (mi V m 2 ) A (m 2 V m 3 ) A (m 3 V mi) ^ Sat((()). Let cp' be a formula 
constructed from p by replacing each variable x G Var{p), such that mi(a;) = 1 
holds, by its negation x. From the Negated Substitution Lemma follows that 
p' G Gen{{R, [x ^ y]}). Let m^ and m '3 be models of p' corresponding to the 
models m 2 and m 3 of p. For each i = 2,3, if mi(a;) = 0 then m[{x) = mi{x) else 
m'(cc) = fhi{x). 

Let Vq, 14 , Vy, and I 4 be the following sets of variables: Vq = {u G Var{p') \ 
m 2 (v) = 0 A m'^{v) = 0}, 14 = {u G Var{p') \ m' 2 iy) = 1 A m'^{v) = 1}, 
Vy = {u G Var{p') I m' 2 {v) = 0 A m' 3 {v) = 1}, and 14 = {u G Var{p') \ m' 2 {v) = 
1 f\m' 3 {v) = 0}. Construct the formula p = p'[0/Vo,x/Vx,y/Vy,z/VP\. 

Note that the sets 14, I 4 , and Vz are nonempty. Therefore [p] contains the 
models 000, 101, and 110, but it does not contain 100 since the original relation R 
is not 2SAT. Construct the formula uj = p[x/x] A {x \/ y) A {y \/ z) A {z \/ x). 
From Negated Substitution Lemma follows that to G Geno{{R, [x ^ y],[x\/ y]}) 
and that [tu] = {001,010, 100}, i.e., [w] is the relation l-in-3. □ 

Lemma 5. TZepb{{l-in-3}) is the set of all logical relations, for each b G {0, 1}. 

Proof. Let R{x,y,z) be the formula corresponding to the relation l-in-3. Let 
pQ = R{x, ui,up A R{y, U2, M4) A R{ui,U 2 , U5) A R{u 3 , M4, Uq) A R{z, U 3 , 0 ), pi = 
R{x, Ui,U 4 )AR{y, U 2 ,U 4 )AR{ui,U 2 , U 3 )AR{u 3 , U 4 , Uq)AR{z, U 3 , upAR{ur, Ug, 1), 
po = R{x, y, 0), and pi = R{x, y,ui) A R{ui,U 2 , 1). It is easy to verify that the 
formulas po and pi are quasi-equivalent to x y y \/ z, and similarly that the 
formulas pQ and pi are quasi-equivalent to x ^ y. 

There exists a parsimonious reductions from the satisfiability problem SAT of 
a propositional formula in conjunctive normal form to the satisfiability problem 
3 sat of a propositional formula in conjunctive normal form with 3 literals per 
clause (see, e.g. EHina). Hence, for each SAT formula p there exists a quasi- 
equivalent 3-CNF formula p' . Now, for each i = 0, 1, the formulas pi and pi, using 
also the Negated Substitution Lemma, allow us to convert the 3-CNF formula p' 
to a quasi-equivalent formula in Geni({R}). Therefore, for every propositional 
formula p we have that [p] G TZepi{{R}), i.e., that TZepi{{R}) is the set of all 
logical relations. □ 

We are now able to prove Proposition 0 The proof is essentially the same as 
of Theorem 3.0 in ISch78l . 

Proof of Proposition [D We focus only on the case when S does not satisfy 
any of the conditions (EJ to OSl of Theorem m The other cases are clear. 

If S does not satisfy any of the conditions (El to (0 then S contains a 
relation Ri which is not Horn, a relation i ?2 which is not anti-Horn, a rela- 
tion i ?3 which is not affine, and a relation R 4 which is not 2SAT. Corollary 0 
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implies that [x ^ y] € 7?.ep{,({i?i, i? 2 })- From Lemma 0 follows that [a; V y] G 
'lZepb{{Ri,R 2 ,R 3 })- From Lemma0follows that the set 'R,epb{{R\, R 2 , Rz, ^ 4 }) 
contains the relation l-in-3. Therefore, by Lemma 0 'TZepb{{Ri,R 2 iRz,Ri}) is 
the set of all logical relations. Hence, also TZepb{S) is the set of all relations. □ 

Lemma 6 ( jCH96j ). Let S be a nonempty finite set of logieal relations. At 
least one of the following conditions holds: (1) Every relation in S is 0-valid. 
(2) Every relation in S is 1-valid. (3) TZepnc{S) contains the relation [a; A j/]. 
(4) TZepnc{S) contains the relation [x ^ y]. 

Moreover, if [x t\ y] ^ TZepnc{S) and [x ^ y] ^ TZepnc{S) hold then every 
relation in S is complementive. 

Proposition 3. Let S be a finite set of logical relations. Lf the relations in S 
are neither all 0-valid, nor all 1-valid, nor all complementive, then there exists 
a parsimonious reduction from UNIQUE SATc(S') to unique SAt(S') and from 
ANOTHER SATc(5) to ANOTHER SAt(5). 

Proof. If the relations in S are neither all 0-valid, nor all 1-valid, nor all com- 
plementive, then [a: A y] G TZepnc{S) or [x ^ y] ^ TZepnc{S) holds following 
Lemma 0 If [a; A y] G TZepndS) holds then the proof is the same as in case 1 
of Proposition 4.12 in EM. If we have [a; A y] ^ TZepnc{S) then the relation 
[x d y] is contained in TZepnc{S) following the first part of Lemma 0 But we 
have that [x ^ y] ^ TZepndS) since S contains a relation that is not comple- 
mentive, following the second part of Lemma 0 contradiction. Hence TZepnc{S) 
must contain the relation [x A y] . □ 

Theorem 2. Let S be a finite set of logical relations. Lf S satisfies one of the 
conditions 0) to m of Theorem^ then UNIQUE SATc(5') and another SATc(5') 
are polynomial-time solvable. Otherwise, another SATc(>S') is NP-complete and 
UNIQUE SATc(5') is coNP-hard. 

Proof. If every relation in S is Horn then every S'-formula is a Horn propo- 
sitional formula. To compute a model of a Horn formula in polynomial time, 
apply exhaustively the unit resolution, followed by setting the unresolved varia- 
ble to 0 (see for details). Dually, if every relation in S is anti-Horn then 

we compute a model of such S'-formula in polynomial time by exhaustive unit 
resolution, followed by setting the unresolved variables to 1. If every relation 
in S is affine then such S-formula is equivalent to a system of linear equations 
over the ring Z 2 . Its solution can be found by Gaussian elimination in polyno- 
mial time. If every relation in S is 2SAT then a model of such S-formula can be 
found in polynomial time by the Davis-Putnam procedure. 

Let if{xi, . . . ,x„) be an S-formula. If S satisfies one of the polynomial con- 
ditions, we compute a model m of 4> in the case of UNIQUE SAT in polynomial 
time by one of the previous methods. In the case of another sat the model m 
is already given. We can decide whether there is another model by the following 
polynomial-time algorithm: 

i ^ 0; another ^ false] 

while -'another A (i < n) do i 1; another -<r- sat{4/[m{xi) / Xi\) od 
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The call sat{(j)[rh{xi) / Xi\) means that we instantiate in the formula (j) the varia- 
ble Xi by the dual value of m{xi) and test whether this instance is satisfiable. 
The satisfiability of (j)[fri{xi) / Xi\ can be computed in polynomial time since S 
satisfies one of the polynomial conditions. If another = false (there are no other 
models) then return false in the case of another sat and true for unique sat. 
Otherwise, return true for another sat and false for unique sat. 

If S does not satisfy any of the polynomial conditions then we show that 
there exists a parsimonious reduction from unique 3sat to UNIQUE SATc(5'), and 
from ANOTHER 3SAT to ANOTHER SATc(S'). Indeed, consider the relations Rq = 
[xVj/Vz], Ri = [xVyVz], i?2 = [aiVyVz], and R3 = [xWyVz]. Let <pi{x, y, z) be a 
formula in Qeni,{S) quasi-equivalent to Ri{x, y, z), for f = 0, 1, 2, 3. Such formulas 
exist by Proposition D1 Let ijj he a 3-CNF formula. Construct the formula tp' by 
replacing each clause of by a corresponding formula (ft. This reduction is 
parsimonious. 

For proving both lower bounds, we use the same construction as in |PC82| . 
Let a{xi, . . . x„) be a 3-CNF formula. Construct the formula P{xo, xi, . . . Xn) = 
(a;o A xi A • • • A x„) V (xq A a(xi , . . . , Xn))- Transform f3 to conjunctive normal 
form (there is no exponential blow-up in this case), getting a 4-CNF formula. 
Transform (3 to a quasi-equivalent 3-CNF formula (3' (see EHina). It is clear 
that P has a unique model, namely 1 • • • 1, iff the formula a is unsatisfiable. 
If a represents an instance of UNSAT, the problem of unsatisfiability of a propo- 
sitional 3-CNF formula that is coNP-complete, then this reduction proves the 
coNP-hardness of unique SATc(S'). If a represents an instance of 3 sat, the sa- 
tisfiability problem of a propositional 3-CNF formula that is NP-complete, then 
this reduction proves the NP-hardness of another SATc(S'). To prove members- 
hip of ANOTHER SATc(S') in NP, guess an assignment m! different from m and 
check in polynomial time if m' satisfies the formula (p. □ 



We have assembled now all the necessary tools to prove Theorem [D 



Proof of Theorem ^ If every relation in S is 0-valid and 1-valid then every 
iS-formula without constants has at least two models: 0 • • • 0 and 1 • • • 1. Hence, 
the solution of this instance for unique sat and another sat is trivial. 

Let every relation in S be complementive and let (p be an 5'-formula without 
constants. Following the definition of a complementive relation, if m is a model 
of (p then also its dual m is a model of (p- Hence, for this case unique sat is 
alway false and another sat is always true. The rest of the polynomial cases 
is decided by the same algorithm as in Theorem El 

Assume that S does not satisfy any of the polynomial conditions (IQ to (0, 
i.e., that S contains a relation that is not both 0-valid and 1-valid, a relation 
that is not complementive, a relation Ri that is not Horn, a relation R 2 that 
is not anti-Horn, a relation R^ that is not affine, and a relation R 4 that is not 
2SAT. There are two cases to analyze. 
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Case 1: If S' contains a relation which is not 0- valid and a relation which is 
not 1- valid, then there exists a parsimonious reduction from unique SATc(S) 
to UNIQUE SAt(S) and from another SATc(S) to another SAt(S) following 
Proposition 13 Since unique SATc(S) is coNP-hard and another SATc(S) is 
NP-complete following Theorem 0 this proves that UNIQUE SAt(S) is coNP- 
hard and another SAt(S) is NP-hard. 

Case 2: If every relation in S is either 0-valid or 1-valid, but not both, 
and not complementive, then we have that [x ^ y] & TZeph{{Ri,R 2 \) fol- 
lowing Corollary Q [x W y] G TZepbdRs}) following Lemma 0 and the set 
TZepb{{Ri, R 2 , R 3 , R 4 }) contains the logical relation I-in-3 following Lemma 0] 
Let R(x, y, z) be the formula representing the relation I-in-3. If there exists a for- 
mula (j) containing the Boolean constant 6, construct the formula 4>' by replacing 
the constant 6 by a new variable Xb- Create a new formula as follows. If 5 = 0 
then let ip = (j)' A R{xb,Xb,u), otherwise if 6 = 1 then let ip = p/ A R{xb,u,u), 
where u is a new variable. It is clear that the formulas (p and ip are quasi- 
equivalent. Hence, there exists a parsimonious reduction from unique SATc(5') 
to UNIQUE SAt(S') and from another SATc(S') to another SAt(S'). 

In both cases, since unique SATc(5') is coNP-hard and another SATc(5') 
is NP-complete following Theorem El this proves that unique SAt(5') is coNP- 
hard and ANOTHER SAt(S') is NP-hard. Membership of another SAt(5') in NP 
is proved as in Theorem El hence another SAt(S') is NP-complete. □ 

4 Concluding Remarks 

The main result of the paper is a Dichotomy Theorem for the unique sat and 
ANOTHER SAT problems (Theorem nj, showing that every instance of both pro- 
blems is either solvable in polynomial time or it is coNP-hard, respectively NP- 
complete. We noticed that both considered problems have the same polynomial- 
time solvable instances. Moreover, we showed that the additional knowledge of 
the existence of a model pushes the problem UNIQUE SAT from the difference 
class DP down to coNP, making it coNP-complete. Compare it with the result 
in jV VSb] that unique sat is DP-complete under randomized reductions. 

We also proved Minoux’s claim (see |Min!I2| 'l that the SAT and unique sat 
problems have the same solvable in polynomial time instances in the presence 
of propositional formulas with Boolean constants (Theorem 0- On the other 
hand, if we consider formulas without constants, the solvable in polynomial time 
instances of SAT and unique sat are incomparable. There are solvable in po- 
lynomial time SAT instances with corresponding coNP-complete unique sat 
instances (0-valid or 1-valid), whereas there are NP-complete SAT instances with 
corresponding solvable in polynomial time unique sat instances (complemen- 
tive). Among the latter we find the problem NOT- all-equal sat for which the 
satisfiability is NP-complete, but which has never a unique model. 

Acknowledgment: I thank Miki Hermann for many valuable comments on the 
previous versions of the paper. 
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Abstract. Local event structures and local traces are generalizations of 
the classical prime event structures and Mazurkiewicz’ traces in which 
independence is no longer a global binary property. We consider the prob- 
lem of lifting the categorical connection between prime event structures 
and Mazurkiewicz’ traces to this more general setting. Using a generic 
approach it is shown how certain subcategories of local event structures 
and local trace languages can be related. Moreover, every coreflection 
between subcategories generalizing the connection between prime event 
structures and Mazurkiewicz’ traces hts into this approach. 



Introduction 

The traces introduced by Mazurkiewicz jS| and Winskel’s prime event structures 
0 are well-known abstract models for describing the behavior of concurrent sys- 
tems, in particular 1-safe Petri nets. Whereas traces can be used to describe the 
non-conflicting sequential executions of the system together with an equivalence 
relation induced by an independence relation over the actions, a prime event 
structure provides explicit information on the relationships between events in 
terms of a partial ordering and a binary conflict relation. Despite the fact that 
the prime event structure model is more abstract than the trace model, they are 
closely related 0. In particular, a coreflection between the categories of prime 
event structures and of Mazurkiewicz trace languages has been established m- 
This categorical approach allows not only to compare the models as objects, but 
also to compare their behavioral aspects (see, e.g., 11171 '). 

When an abstract model is meant to represent the behavior of dynamic sys- 
tems, it is reasonable to extend it to a category by equipping it with behavior 
preserving morphisms to capture a notion of simulation. Categories can be com- 
pared by functors which relate objects to objects and morphisms to morphisms, 
and thus preserve the dynamic behavior of the systems. An adjunction between 
categories consists of two functors, one in each direction, that fit together in a 
particular way. This is a formal way to express that one model is more abstract 
than another, as it allows to canonically represent objects from the more con- 
crete model that are mapped to the same object in the more abstract model. If 
in addition going from an object in the more abstract model to an object in the 
more concrete model and then back using the functors, leads to an isomorphic 
object, the adjunction is called a coreflection. Thus establishing a coreflection 
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between two categories proves a very strong relationship, as it shows that the 
functor to the abstract model gives a faithful description of the concrete model. 
For more technical details on categories, functors, adjunctions and coreflections, 
the reader is referred to . 

Local traces and local event structures were introduced in m to lift the 
semantical theory of 1-safe Petri nets to the level of more general Petri nets 
in which concurrency and conflict are not structural properties, but depend on 
the current marking (the state of the system). Therefore a local independence 
relation describes which sets of actions may occur concurrently after a given ex- 
ecution of the system, while local event structures require a concurrency axiom 
local to their configurations. Both the local trace semantics and the local event 
structure semantics of Petri nets are respectively proper conservative extensions 
of the trace semantics and the prime event structure semantics of 1-safe Petri 
nets. In 0 these extended models have been considered as independent notions 
without their connection to Petri nets and some direct links between the two 
classes have been established. Due to the locally defined concurrency of events, 
every local event structure defines in a natural way a local trace language. To 
associate a local event structure to a loeal traee language is however more eom- 
plieated, since this requires the identifieation of events. Following the classical 
approach, events are viewed as equivalence classes of prime intervals of the local 
trace language. Given an equivalence relation over prime intervals which satis- 
fies certain elementary conditions, a local trace language directly defines a local 
event structure. The least equivalence satisfying these conditions is called Pro- 
jectivity. It corresponds to the equivalence used to relate Mazurkiewicz’ trace 
languages to prime event structures [tifisp 1 1 )) . Projectivity however is too fine an 
equivalence to properly represent the concurrency of a local independence rela- 
tion in its associated local event structure. To achieve this, more prime intervals 
need to be identified. It is shown that History, the equivalence corresponding 
to the relation used in P| to associate a local event structure to a Petri net, is 
the least generalization of Projectivity which allows to extend the connection 
between Mazurkiewicz’ trace languages and prime event structures to the more 
general setting of local trace languages and local event structures. 

Whereas in ^ also other examples of equivalences of prime intervals are men- 
tioned, it is only for History that a coreflection is established between subcate- 
gories of local event structures and local event structures. It is left open whether 
more general equivalences might lead to categorical connections between larger 
subclasses. This paper gives an affirmative answer to that question. Rather than 
pursuing individual examples of suitable equivalence relations it focusses on a 
generic approach. First, we recall the straightforward and intuitive representa- 
tion of local event structures as local trace languages. This map easily extends to 
a functor which however admits no right-adjoint (Th. 12.411 except for restricted 
subcategories of each model [IIl)l4j . Next we introduce a notion of punctuation, 
based on equivalences of prime intervals, which admits Projectivity and History 
as particular examples; our main result is that any punctuation determines a 
coreflection between some associated subcategories of local event structures and 
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local trace languages (Th. 12 . 1 21 ) . Moreover we show that any generalization of 
the coreflection between prime event structures and trace languages may be ob- 
tained by this generic coreflection (Th. 13.41 . Finally, we briefly indicate some 
possible implications of this research for the theory of Petri nets. 

1 Basic Notions and Results 

Preliminaries. We will use the following notations: for any (possibly infinite) 
alphabet S, and any words u € S* , v € S*, we write u < u if it is a prefix of v, 
i.e. there is 2 S S* such that u.z = v; the empty word is denoted by e. We write 
\u\a for the number of occurrences of a G S in u G S* and pf{S) denotes the 
set of finite subsets of E; for any p G pf{E), Lin(p) = {u G p* | Va S p, |u|a = 1} 
is the set of linearisations of p. Finally, if A : if ^ if' is a partial function from 
E to E', we also write A : if* — > if'* and A : p/(if) ^ Pf{^') to denote the 
naturally associated monoid morphisms. 

Local Trace Languages. Local traces are a generalization of the classical 
Mazurkiewicz’ traces since they are based on an independence relation which 
is left-context dependent and which specifies sets of independent actions rather 
than pairs. 

Definition 1.1. A local independence relation on E is a non-empty subset I of 
if* X pf{E). The (local) trace equivalence ~ indueed by I is the least equivalence 
on E* such that 

TEi.- Vii,u' G E*,\/a G E,u ^ u' ^ u.a ^ u' .a; 

TE2 ' '^{u,p) G I,yp' Cp,Vi’i,i>2 G Lin(p'), ii.ui ~it.i>2. 

A (local) trace is an ^-equivalence class [it] of a word u G if*. 

ByTEi local trace equivalences are right-congruences. TE2 asserts that for every 
subset of actions which are independent after a sequence 11, all sequences obtained 
by executing first it and then in an arbitrary order the actions from this subset, 
are equivalent. Note also that local trace equivalences are Parikh equivalences: 
It ~ It' ^ Va G if, juja = jlt'lo. 

A local independence relation can be thought of as a representation of the 
behavior of a concurrent system. It provides information on possible sequential 
observations as well as information on their equivalence. Thus every local inde- 
pendence relation defines a prefix-closed language of sequential observations and 
a set of traces, the equivalence classes of these sequential observations. As ob- 
served in 15, the assumptions in these definitions can be translated into explicit 
additional conditions on the local independence relation without affecting the 
resulting sets of observations and traces. A local independence relation satisfying 
these additional conditions is called complete and is a maximal representative 
among local independence relations defining the same sequential observations 
and traces. In this paper we directly define local trace languages as combina- 
tions of a language (of sequences) and a complete local independence relation. 
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Definition 1 . 2 . A local trace language (LTL) over E is a structure C = 
where L C S* and I is a local independence relation on E such that 

LTLi.' (u,p) G I A p' C p^ {u,p') G I; 

LTL 2 ; {u,p) G I A p' CpA V G Lm{p') ^ {u.v,p\ p') G I ; 

LTL3; u ~ u' A (u,p) G I ^ {u\p) G I; 

LTL 4 .' (u.a, 0 ) G I ^ (m, {a}) G I; 

LTLs.' u G L GA (u, 0 ) G I. 

The requirements LTLi through LTL4 make the local independence relation com- 
plete. LTLi makes explicit what TE2 from Def. l1 .ll giia.ra.ntees for the trace equiv- 
alence: if a set of actions p can be executed concurrently after u, then so can any 
subset of p; moreover, following LTL2, the step p can be split into a sequential ex- 
ecution V and a concurrent step of the remaining actions. LTL3 states that after 
two equivalent sequences the independency and thus unorderedness of actions is 
the same; it corresponds to the right-congruence property TEi from Definition 
o LTL4 guarantees that whenever u.a is a sequential execution, then action a 
is allowed as a step after u. Finally, LTL5 ensures that L is precisely the set of 
sequential observations associated to I in 0 : from LTL4 and LTLi it follows that 
L is prefix-closed; moreover by LTL3 we know that L is closed under the trace 
equivalence induced by I. 

Local Event Structures. A local event structure is a family of configurations 
equipped with an enabling relation that specifies locally the possible concurrency 
of events. 

Definition 1 . 3 . A local event structure (LES) is a triple E = (E, C, h) where 
E is a set of events, C C pf{E) is a set of finite subsets of events called config- 
urations and he C X pf{E) is an enabling relation such that 
LESi.- (0 h 0) A (Ve GE, 3 cGC,eG c); 

LES2 : WcGC: c^ 0 ^ 3 eGc,c\ {e} h {e}; 

LES3.' Vc G C,\/p G pf{E): c\~ p ^ c (3 p = 0 ; 

LES 4 .- Vc G C,\/p G pf{E),\/p' C p.- c h p => (c h p' A c U p' h p \ p'). 

LESi guarantees that the empty set is always a configuration and that the en- 
abling relation is never empty. Also by LESi, each event occurs in at least one 
configuration. LES2 ensures that every non-empty configuration can be reached 
from the (initial) empty configuration. LES3 implies that each event occurs at 
most once and by LES4 each concurrent set can be split arbitrarily into subsets 
of concurrent events. 

To each local event structure E a set of (finite) sequential observations can 
be associated which we call the paths of £; formally, Paths(£) = {ei...e„ G E* \ 
Vi G [ 1 , n], {ei, ..., Ci-i} h {ei}}. As shown in P], an event appears at most once 
along a path and each path u leads to a unique configuration Cfg(u) defined by 
Cfg(u) = {e I \u\e = 1 }. 

To associate a local trace language to a local event structure we use the 
map defined in ^ which translates the enabling relation in a natural way into 
a local independence relation. The local trace language thus obtained faithfully 
represents the concurrency between events. 
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Definition 1.4. Let £ = (i?, C, h) he a loeal event strueture. The loeal traee 
language It[(£) assoeiated to E is It[(£) = (i?, /, Paths(£)) where I = € 

S* X pf{S)\ u G Paths(£) and Cfg(u) h p}. 



Equivalences of Prime Intervals. In order to associate a local event structure 
to a given local trace language C = {S, /, L) one has to define events. The event 
structure should properly refiect the sequential behavior and the independen- 
cies represented by the local trace language. Thus we want events to represent 
occurrences of actions. For the prefix-closed language L, occurrences of actions 
correspond to prime intervals of the partial order (L, <); these may be defined 
as the pairs {u, a) G S* x E such that u.a G L; we write Pr(£) for the set of 
prime intervals of C. It may however be the case that different occurrences of an 
action (hence different prime intervals) should correspond to the same event: for 
instance, if (u, {a, b}) G I then actions a and b may occur simultaneously after u; 
an observer cannot distinguish the occurrence of a after u from the occurrence of 
a after u.b; thus (u, a) and (u.b, a) must be identified as the same occurrence of a. 
Furthermore if u and u' are equivalent (in the same local trace), then the prime 
intervals (u,a) and (u' ,a) should not be distinguished either. For these reasons 
we need an equivalence relation over the prime intervals of C when associating a 
local event structure to C. The requirements which any such equivalence should 
satisfy are defined below. 

Definition 1.5. Let C = (E,I,L) be a loeal trace language; an equivalence of 
prime intervals of C is an equivalence over Pr(/i) which satisfies 

Ind.- (u, {a, 5}) G I A a ^ b ^ (u,a) (u.b, a) [Lndependence] 

Cfl; (u, a) G Pr(£)A (u', a) G Pr(£)A u ^ u' ^ (u, a) (u', a) [Confluence] 
Lab.- (u,a) X£ (v,b) ^ a = b [Labeling] 

Occ: u.a < v.a A (u, a) X£ (v,a) ^ u = v [Occurrence Separation] 

Ind and Cfl specify which prime intervals should definitely be identified whereas 
Lab and Occ limit rationally the allowed identifications: Lab ensures that equiva- 
lent prime intervals correspond to occurrences of the same action and by Occ no 
execution sequence allows more than one occurrence of the same event. Given 
an equivalence of prime intervals of a local trace language, we can define a local 
event structure. 

Definition 1.6. Let C — (S,I,L) and let X£ be an equivalence of prime 
intervals of L. For any word u G L, the set of events in u is Eve-^j^(u) = 
{{v^b)c I v.b < u}, where {v,b)c denotes the ^c~class of (v,b). The local event 
structure Ics-^(£) is the triple (E,C,\~) where C = {Eve^j^(u) \ u G L}, 
E = UC, and 

3u G E*, 3ai, ..., a„ G E, (u, {oi, ..., a„}) G / 
AEve^^(u)=cA ^i G [l,n],ei = {u,ai)c 



ch {ei,...,en} AA 



This definition is essentially the same as Definition 2.3 of 0, the only difference 
being the representation of the independence relation through a local trace lan- 
guage. The proof that (>C) is indeed a local event structure is completely 
analogous to the proof in 0 . 
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2 Generic Categorical Connection 

In this section the generic approach towards relating local event structures and 
local trace languages is outlined. By equipping both classes of objects with suit- 
able behavior-preserving morphisms we obtain the categories LIES and LTL. 

Categories UE§ and LTL. First, we provide local trace languages with mor- 
phisms which preserve sequential executions and independencies. 

Definition 2.1. A (local trace) morphism A from C = (H, /, L) to C! = (if', 

L') is a partial function X : E ^ S' such that 

- V(u,p) e I , (A(u),A(p)) G I '; 

— V(u, {a, 6}) G I : a ^ b A A(a) and \{b) are both defined => A(a) ^ X{b). 

We denote by LTL the category of LTL provided with these morphisms. 

Note that, due to Axiom LTL5 of Def. O A(L) C L'; moreover if ui and U 2 
are trace equivalent according to / then A(ui) and A ( 1 x 2 ) are trace equivalent 
according to /' . Note finally that if two distinct actions a and b are independent 
after u and if A(a) and A(6) are both defined then they should be independent 
after A(u) in order to respect concurrency: therefore in this case we require that 
A(a) yf A(6). Morphisms of local event structures preserve the enabling relation 
and hence the concurrency between events. 

Definition 2.2. A LES morphism 77 from £ = (E, C, h) to £' = {E' , C , h') is a 
partial function rj \ E ^ E' such that Vc G C, \/p G pf{E): c h p => rj{c) h' rj{p). 
We denote by LE§ the eategory of LES provided with these morphisms. 

We should stress here that Winskel’s prime event structures form a full subcat- 
egory of local event structures, as detailed in |0]; moreover, Mazurkiewicz’ trace 
languages of ^ can easily be seen as a full subcategory of LTL. 

Impossibility Result. In It! we already have a map from the objects of 1JE§ to 
those of LTL . This map can be extended to a functor from U5§ to LTL , because 
each local event structure morphism rj : E ^ E' from £ to £' induces a local 
trace morphism [tl(? 7 ) : E E' from (t[(£) to lt[(£') defined by [t[(? 7 ) = rj. 

Lemma 2.3. It! is a functor from LES to LTL. 

This is the expected intuitive translation which extends very simply the classical 
functor from prime event structures to trace languages m- On the other hand, 
there are in general various ways to map a local trace language to a local event 
structure, depending on the chosen equivalence of prime intervals. Given a family 
of such equivalences (one for each local trace language) one could attempt to 
lift the corresponding family of mappings to a functor from LTL to lES . As we 
will see in the examples to follow, for certain families of equivalences of prime 
intervals this can indeed be done. Yet, none of these functors can act as a right- 
adjoint to [t[ in an adjunction between LES and LTL. In fact we even have 

Theorem 2.4. There is no adjunction between LES and LTL with (tl as the 
left-adjoint. 
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This result directly follows from a result (Th. 13.41) given in Section 3. 

Punctuation. Given the impossibility of an adjunction between UE§ and LTL 
with [tl as the left-adjoint, we now investigate the relationships between sub- 
categories. We are particularly interested in having [tl as the left-adjoint and a 
functor based on prime interval respecting maps as the right-adjoint. Using a 
generic approach which abstracts from concrete equivalences of prime intervals, 
it is possible to identify conditions on objects and arrows in the categories which 
lead to subcategories between which coreflections of the desired nature do exist. 

Equivalences of prime intervals are essential to separate occurrences of the 
same action which are perceived as different events (see Axiom Occ of Def. I I .511 . 
Thus the choice of such an equivalence is a semantic issue. In analogy with 
the use of punctuation in a text to influence its meaning, we call the choice 
of an equivalence for each local trace language C a punctuation. A natural 
condition on a punctuation is that it should respect isomorphisms between local 
trace languages, as otherwise behaviorally equivalent local trace languages could 
be given different semantics. 

Definition 2.5. A punctuation is a family of equivalences tt = (><£)£gLTL 
that each is an equivalence of prime intervals of L and for any isomorphism 
X : C —!■ C o/LTL; (u, a) (n, b) => (A(u), A(a)) (A(n), A(6)). 

Thus a punctuation tt determines a representation of each local trace language 
£ as a local event structure hence it provides a translation [es^ from 

local trace languages to local event structures for which C maps to 

Before extending this map to a functor, we restrict the arrows of LTL to 
those local trace morphisms that respect the choice of events prescribed by tt. 

Definition 2.6. Let tt = (>^£)£gLTL ® punctuation. A morphism X : C ^ C 

is TT-stable if{u,a) x^ (v,a) A A(a) is defined => (A(u),A(a)) x^/ (A(u), A(a)). 

Note that by Def. 12.51 local trace isomorphisms are always stable. Each 7r-stable 
local trace morphism A from £ to C induces a local event structure morphism 
[es,r(A) from les,r(£) to les,r(£0 defined by les,r(A)((M, a)^) = (X{u) , X{a)) c> . 
Thus [es^(A) can be extended to a functor between the subcategory of LTL with 
only TT-stable morphisms and the category LE§. 

Lemma 2.7. Let tt = (><£)£gLTL ® punctuation; [es,r is a functor from the 

category of local trace languages with n-stable morphisms to LE§. 

Thus, with this restriction to 7r-stable morphisms, we get a morphism preserving 
way back from local trace languages to local event structures. As the following 
examples will demonstrate, for some particular punctuations tt, this restriction 
is not a real restriction as all local trace morphisms are 7r-stable. 

Examples. The simplest punctuation is called Projectivity; it consists of the 
equivalences ttP = (^£)£gLTL each x^ is the least equivalence over 

Pr(£) satisfying the conditions Ind and Cfl of Definition II .01 Thus each x^ iden- 
tifies only those prime intervals that should definitely be identified as explained 
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^[ba] 

^[ab] 



— — >{bad] 
— — -[abd] 



Fig. 1. jCi 



Fig. 2. £2 



just before Definition 01 This rule of identification was used in to connect 
prime event structures and Mazur kiewicz traces, and initially in for the con- 
nection with 1-safe Petri nets. Note that each also satisfies Lab and Occ. So 
it is the least equivalence of prime intervals of C. 

The punctuation History tt^ corresponds to the rule of identification intro- 
duced in in order to connect Petri nets with local event structures. In it 
has been formally defined by = (><£)£gL'j'L least 

equivalence over Pr(£) satisfying Ind and Cjc (Conjunction) defined by: 

Cjc : (m, a) G Pr(£)A (u', a) € Pr(£)A Eve-^ (u) = Eve-^ (u') ^ (u, a) {u' ,a) 
Informally speaking, Conjunction requires the identification of two occurrences 
of an action a, whenever the histories u and u' preceding these occurrences de- 
scribe the same events and thus will lead to the same configuration in the local 
event structure to be associated to £. Since every x^ is an equivalence of prime 
intervals, it follows that x^C x^ for all local trace languages £. In general this 
inclusion is strict: History leads to more identifications of prime intervals than 
Projectivity (for an example in connection with Petri nets see 0). 

The punctuation = (^<£)£gLTL consists of the equivalences x^ such that 
each x^ is the least equivalence over Pr(£) which satisfies Ind and the following 
condition: [(u, a) e Pr(£) A (m', a) £ Pr(£) A 'ix G E ,\u\x = \u'\x] ^ {u,a) ddc 
{u' , a). Thus in the history preceding an occurrence of action only the number of 
occurrences of each action is relevant. This resembles the situation in Petri nets 
where firing sequences lead to the same marking whenever in these sequences, 
for each transition its number of occurrences is the same. It is easy to see that 
for each local trace language x^ Cx^. In general. History identifies less prime 
intervals than does. Consider for example the local trace language £1 depicted 
in Fig. E Here we have {ab, d) {ba, d) but (o6, d) x^^ (6a, d). 

Note that each of the punctuations tt^, tt^, and has the property that 
all morphisms are stable w.r.t. it. However this property does not hold for all 
punctuations. Consider, e.g., the Counting punctuation 7 t° = (><2:)£6LTL defined 
by (u,a) x2; (v,b) iff a = 6 A |u|a = |u|h. Thus in Counting two occurrences 
of an action a are identified, if a has occurred the same number of times in the 
histories preceding these occurrences. As an example of a local trace morphism 
that is not Tr'^-stable consider the morphism A from £1 to £2 (depicted in Fig. 
□ and ED which is defined by A(a) = A(6) = A(d) = c. This morphism is not 
Tr'^-stable because (6, a) x^^ (e, a) but (c, c) 

Main Result. In the rest of this section, we consider a fixed punctuation tt = 
(^A)£gLTL- establish that the functors It! and UStt form a coreflection when 
restricted to certain subcategories of ME§ and LTL, determined by tt. 
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First, one essential property of such a connection is that any local event 
structure £ should be isomorphic to [es,r ° It[(£). This makes it necessary to 
cut down on the objects of UE§. We single out those local event structures 
which have the property that for each event of £ all its occurrences in It[(£) are 
equivalent. 

Definition 2.8. A local event structure £ is 7r-singular i/Vui.e, U 2 -e € Paths(£), 
(ui,e) ><[t((£) (u 2 ,e). UE§^ is the full subeategory of tt- singular LES. 

As the next proposition shows, the 7r-singular local event structures have the 
desired property; moreover, as far as finitely branehing local event structures are 
concerned, 7r-singularity is an optimal restriction. 

Proposition 2.9. Let £ = (A, C, F) be a local event structure. 

1. If E is TT-singular then £ is isomorphic to [es,r ° [tl(£); 

2. If E is isomorphic to [es,r ° It[(£) and if\!c G C, Card{e G E \ c\~ {e}} is 
finite then E is TT-singular. 

Thus now it is necessary to define the subclass of local trace languages which 
are mapped by [es,r to 7r-singular local event structures. 

Definition 2.10. A local trace language C is 7r-adequate j/[es,r(^) is ir-singular. 

Despite these restrictions, it may however still be the case that a 7r-adequate lo- 
cal trace language C and its associated local event structure U5t^{C) are not close 
enough. Motivated by a result from 0, we focus on the local trace languages 
£ = (E,I,L) such that the equivalence satisfies Cjc and Sym (Symmetry): 
Cjc : {u, a) G Pr(£)A (u', a) G Pr(£)A Eve-^ (u) = Eve-^ (u') ^ {u, a) X/; (u', a) 
Sym : (u,p) G I A u' G L A Eve-^(u) = Eve-^(u') {u\p) G I. 

Conjunction and Symmetry are necessary consequences of the requirement that 
the translation [es,r should respect the sequential observations and the concur- 
rency of a local trace language £. Thus £ should be such that whenever two 
sequences u and u' define the same configuration of Ies,r(£), then after u and 
u' one cannot distinguish through X£ occurrences of the same action a (Cjc) 
and the same subsets of actions are independent (Sym). Together Conjunction 
and Symmetry guarantee that the behaviors described by £ and Ies,r(£) are 
bisimilar. Here they provide sufficient conditions for a coreflection. 

Definition 2.11. LTL.„. is the subeategory o/ LTL whose arrows are the tt- 
stable morphisms and whose objects are the ir-adequate loeal trace languages that 
satisfy Cjc and Sym w.r.t. the punctuation tt. 

We are now ready to state our main result: 

Theorem 2.12. The functor kST^ : LTL,r ]LE§,r is a right-adjoint of (tl : 
LJE§^ ^ LTL^ which forms a coreflection. 

Example 2.13. Consider the punctuation History tt^ defined earlier in the ex- 
amples. By Theorem l2.12l is coreflective in LTL^h, which was also proved 

in There however, this categorical result was proved for History alone and 
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there was no need to introduce the notions of 7r-adequacy and 7r-stability. The fol- 
lowing observations show how that directly obtained result fits into the generic 
approach of this paper. First, we note that all equivalences of History satisfy 
Conjunction by definition. Moreover, it is not difficult to check that all local 
trace languages C for which satisfies Symmetry are 7r^-adequate. Hence the 
objects of LTL.„.h are all local trace languages C for which satisfies Sym and 
the restriction to 7r^-adequate languages is void. Furthermore, as observed be- 
fore, all local trace morphisms are 7r^-stable. Consequently, LTL.,r'* is the full 
subcategory of local trace languages satisfying Sym w.r.t. History. 

In general though these restrictions may be real. Consider, e.g., the punc- 
tuation 7T^ which was also defined in the earlier examples. The local trace lan- 
guage C\ of Fig. n satisfies both Conjunction and Symmetry, but C\ is not tt'^- 
adequate: in the local event structure [cs,r9 (>Ci) we have paths (e, a). {a, b).{ab, d) 
and (e, 6).(&, a).{ba, d) with the property that the four events (e, a), (a, 5), (e, &), 
and (6, a) are all distinct while (o6, d) = {ba, d) are the same event (due to 
Thus in the local trace language of [es,r9('Ci), the prime intervals {{e,a){a,b), 
(ab,d)) and {{e,b){b,a),{ba,d)) will not be identified even though (ab,d) and 
(6a, d) are the same. 

The significance of Theorem IZ. 1 21 as the main result of this paper lies in its 
being optimal. As detailed in the next section, and LTL^ are the largest 

subcategories of ME§ and LTL for which a coreflection with (tl and [es^ is possi- 
ble. Moreover, any extension of the coreflection between prime event structures 
and Mazurkiewicz’ trace languages is an instantiation of Theorem ITT5I with an 
appropriate punctuation tt. 



3 Optimal Aspects 

Theorem l2.12l gives conditions on subcategories of 1JE§ and LTL in terms of the 
chosen family tt of equivalences which guarantee that It! and les^ form a coreflec- 
tion between those subcategories. These conditions are now reconsidered. First 
of all, in LTL^ no other local trace morphisms can be allowed than those which 
never map equivalent prime intervals to non-equivalent prime intervals. With- 
out this restriction to 7r-stable morphisms it would not be possible to extend the 
map [es^ to a functor mapping morphisms to corresponding local event struc- 
ture morphisms (Tjemma, f/!.7l) . Secondly, if (tl and les^ are to form a coreflection, 
then the restriction to 7r-singular local event structures is necessary, at least 
for finitely branching local event structures (Proposition ISJ , and consequently 
the local trace languages have to be restricted to the 7r-adequate ones. Finally, 
the resulting subcategory of LTL consisting of the 7r-adequate local trace lan- 
guages and the 7r-stable morphisms between them is even further restricted to its 
full subcategory LTL^ by the requirement that the equivalences should satisfy 
Conjunction and Symmetry. (Note that this is a condition on the local trace 
languages once tt is given.) As the following proposition shows, this restriction 
cannot be weakened, at least not for finitely branching local trace languages. 
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Proposition 3.1. Let LTL^ be a subeategory of LTL whose arrows are the 
TT-stable morphisms between its objects and let C = {E,I,L) be a local trace 
language of LTL such that Vu S L, Card{a S E \ u.a S L} is finite. If 
[t[ : LJE§,r LTL^ admits [es^ as a right-adjoint then C satisfies Cjc and Sym 
w.r.t. the punctuation tt. 

Finitely branching in local trace languages is similar to finitely branching in local 
event structures. In both cases only a finite number of actions are enabled at 
any stage of the execution. From the above observations it follows that Theorem 
ETSl is optimal in the sense that each of the conditions in the definitions of £JE§,r 
and LTL^ is necessary if It! and [cs,r are to form a corefiection. Thus lJE§.n. and 
LTL^ are the largest subcategories of IJE§ and LTL for which a corefiection 
with [tl and [es,r is possible. In fact, the technique of associating a local event 
structure to a local trace language using an equivalence of prime intervals is a 
very general one. As explained below any possible extension of the corefiection 
from prime event structures to Mazurkiewicz’ trace languages may be obtained 
with an appropriate punctuation. Our main technical lemma is the following. 

Lemma 3.2. Let LJE§^ be a full subcategory o/ LIES which includes the prime 
event structures and LTL^ be a full subcategory of LTL. If the functor It! : 
LJE§^ ^ LTL^ admits a right adjoint les' : LTL^ — > LE§' then there exists a 
punctuation tt such that 

Ai; LE§' C LE§,r md LTL^ C LTL,r/ 

A 2 : V£ € LTL', kSTr(jC) is isomorphic to Ies'(£). 

Thus, any method les' to represent local trace languages by local event struc- 
tures is (modulo a renaming of the equivalence classes) based on a punctuation. 
One can even show that such a family of equivalences of prime intervals is unique. 



Lemma 3.3. Let LE§' and LTL' be as in Lemma \3.‘^ and let the functor les' : 
LTL' ^ LE§' be a right-adjoint to [tl. If = (^£;)£gLTL “ (^£)r;6LTL 

are two punctuations satisfying A\ and A 2 , then for each local trace language C 
o/LTL', 

The technical Lemma |^1 can be translated into the following informal converse 
of Theorem 

Theorem 3.4. Any adjunction between full subcategories o/LJE§ and LTL with 
[tl as left-adjoint may be obtained by Theorem Ut. UH with a unique family of 
equivalences of prime intervals — as soon as the local event structures considered 
include the prime event structures. 

We should note here that this result is the basis of a proof of Th. El as 
follows. Assume that [t[ : IJE§ ^ LTL admits a right-adjoint. Then, by Th. 13.41 
there is a punctuation tt such that IJE§ = LE§. 7 r and LTL = LTL.,r- Now it is 
easy to prove that tt = the Counting punctuation. Thus LTL = LTL,r<=, a 
contradiction since as observed above not all local trace morphisms are Tr'^-stable. 

Our main Theorem EH presents a generic framework to extend the clas- 
sical connection between Winskel’s prime event structures and Mazurkiewicz’ 
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trace languages. First of all, Projectivity ttP induces a coreflection from UES^p 
to LTL.„.p which (strictly) include prime event structures and Mazurkiewicz’ 
trace languages respectively. Furthermore, any other punctuation brings a simi- 
lar extension of the classical connection. However, it seems reasonable to restrict 
ourself to connections between full subcategories of each model in order to re- 
spect the structure of the original categories. Then Theorem 13.41 asserts that 
any such connection is an instance of the generic coreflection of Th. 12.121 — as 
soon as the translation from local event structures to local trace languages is the 
obvious functor Itl. 

Conclusion 

To conclude the paper, we now briefly consider how the theory presented here 
relates to the event structure semantics of Petri nets. Recall first that the fir- 
ing sequences of a 1-safe net determine Mazurkiewicz’ traces and thus a prime 
event structure uni. Similarly, as established in |2|, each Place/Transition net 
is naturally associated to a local trace language; this latter can then be repre- 
sented by a local event structure with the help of an appropriate punctuation. 
Applying this method to History leads precisely to the semantics introduced in 
0. Now different punctuations would lead to different event structure semantics 
that should be studied more precisely in the future. Furthermore the complete 
generic connection presented here should be also useful to propose semantics for 
generalized Petri nets with capacities, read arcs or inhibitor arcs. 
Acknowledgment. Thanks to the constructive criticism of some anonymous referees 
on a previous version of this paper, we could improve the presentation of our results. 
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Abstract. In this paper, mutually recursive function systems, picture- 
generating devices known in the area of fractal geometry, are translated 
into TOL collage grammars. The translation works in such a way that 
the infinite sequence of pictures which is specified by a mutually recursive 
function system through the Hutchinson operator contains exactly those 
pictures which belong to the language generated by the corresponding 
TOL collage grammar. In other words, the translation is correct. 



1 Introduction 

In this paper, we relate a picture-generating device from the area of fractal 
geometry with a grammatical approach to picture generation. More precisely, 
we construct a translation of mutually recursive function systems into TOL 
collage grammars and prove the correctness of this translation, meaning that 
every input system generates the same pictures as the resulting grammar. 

Mutually recursive function systems are a generalization of the much bet- 
ter known and frequently used iterated function systems. An iterated function 
system (see, e.g., Hutchinson [HutSl] and Barnsley [Bar88]) consists of a finite 
set of transformations on K'^. If all transformations are applied to a picture, 
i.e., a set of points, then the union of the results is again a picture. This con- 
struction of a picture from a picture is called Hutchinson operator. It can be 
repeated ad infinitum. The resulting inhnite picture sequence converges if all 
transformations of the iterated function system are contractions and the initial 
picture is a compact set. The limit is called attractor and can be shown to be 
the fixed point of the Hutchinson operator. This means that the attractor is 
the union of its own transformed copies. In the case of affine transformations, 
this phenomenon is called self-affinity (and self-similarity if all transformations 
are similarity transformations). If one of the transformations is the identity, the 

* This research was partially supported by the EC TMR Network GETGRATS 
(General Theory of Graph Transformation Systems), the ESPRIT Basic Research 
Working Group APPLIGRAPH (Applications of Graph Transformation), and the 
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attractor still exists, but depends on the initial picture. A function system of 
this type is called iterated function system with condensation. 

A mutually recursive function system, as it is called by Culik II and Dube 
[CD93a], is not just an unstructured set of transformations, but may be seen as a 
directed graph the edges of which are labelled with transformations. In this case, 
the Hutchinson operator gets a vector of pictures - one picture for each node -, 
applies the transformation of each edge to the picture of the source node, returns 
the result to the target node, and overlays the resulting pictures at each of the 
nodes. Therefore, the repetition of the Hutchinson operator yields an infinite 
sequence of vectors of pictures, where the picture sequence of one distinguished 
display node is considered as the semantics of the system. Peitgen, Jurgens, 
and Saupe [PJS92] call such function systems networked multiple reduction copy 
machines and hierarchical iterated function systems. Moreover, various other 
denominations are used in the literature they refer to. 

Collage grammars (see, e.g., Drewes, Habel, Kreowski, and Taubenberger 
[DK99, HKT93]) are rule-based, syntactic picture-generating devices, whose gen- 
erating mechanism is based on hyperedge replacement as known from the area of 
graph transformation (see, e.g., Drewes, Habel, and Kreowski [DHK97, Hab92]). 

A collage consists of a set of parts and a sequence of pin points. A part may 
be an arbitrary set of points (in a Euclidean space) - usually taken from some 
standard set of geometric objects like line segments, circles, triangles, polygons, 
polyhedra, etc. that have simple finite descriptions and are easy to deal with on 
graphical user interfaces. The pin points are used to paste collages into collages. 
A collage represents a picture by the overlay of its parts. 

To generate collages from collages by the application of productions, they 
are decorated with hyperedges in intermediate steps. A hyperedge is a labelled 
item with an ordered number of tentacles each of which is attached to a point. A 
hyperedge serves as a place holder. It may eventually be replaced by a decorated 
collage, provided that there is a transformation of the pin points into the attach- 
ment points of the hyperedge. This kind of hyperedge replacement establishes 
the rewrite steps of a collage grammar if the label of the replaced hyperedge 
and the replacing decorated collage form a production. The grammar is a TOL 
collage grammar if it provides a set of tables, i.e., a set of sets of productions, 
and in each derivation step all hyperedges are replaced simultaneously, using 
productions from only one of the tables. A TOL collage grammar generates a 
set of collages in the usual way of language generation. 

While mutually recursive function systems generate pictures from pictures 
in a bottom-up fashion, TOL collage grammars derive pictures top-down by 
refining and eventually terminating nonterminal hyperedges within intermedi- 
ate pictures. Nevertheless, both picture-generating processes are related to each 
other in a meaningful way, as our main result shows. 

The paper is organized in the following way. The basic notions and notations 
of collage grammars and mutually recursive function systems are recalled in 
Sections 2 and 3. The translation is constructed and proved correct in Section 4. 
Finally, Section 5 contains some concluding remarks. 
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2 TOL Collage Grammars 

In this section, the basic notions and notations concerning collages and TOL 
collage grammars (cf. [DK99, DKK99]) are recalled and illustrated by two ex- 
amples. 

For a set A, A* denotes the set of all finite sequences over A, including the 
empty sequence A; p{A) denotes its powerset; and A\B denotes the complement 
of a set B in A. For a function f: A ^ B, the canonical extensions of / to p{A) 
and to A* are denoted by / as well, i.e., f{S) = {/(a) | a G S'} for 5” C A and 
/(oi • • • a„) = /(oi) • • • /(a„) for ai, . . . , a„ G A. 

As usual, for a binary relation C S x S one may write s ==p- s' instead of 
(s, s') G and sq or sq =^* Sn to abbreviate sq ==^ Si 

The sets of natural numbers and real numbers are denoted by N and K, 
respectively. Familiarity with the basic notions of Euclidean geometry is assumed 
(see, e.g., Coxeter [Cox89]). denotes the Euclidean space of dimension d 
for some d > 1, which is equipped with the usual Euclidean distance function 
dist : X > K. 

A collage consists of a set of geometric objects, called parts, and a sequence 
of so-called pin points. To generate sets of collages, they are decorated with 
hyperedges. A hyperedge has a label and an ordered hnite set of tentacles, each of 
which is attached to a point. A handle - a collage consisting of a single hyperedge 
- is particularly useful as initial collage. Each collage specifies a picture, called 
induced pattern, by the overlay of all its parts. All these notions are defined 
more precisely as follows. 

A collage (in I^) is a pair [PART, pin), where PART C p(Il^) is a finite set 
of so-called parts and pin G (IR^)* is the sequence of pin points. C denotes the 
class of all collages. The overlay of the set of all parts of a collage C yields the 
induced pattern pattern{C) = [jpart&pARTc 

Let iV be a set of labels and let, for each A G N, pinj^ G (W^)* be a fixed 
sequence of pin points associated with A. A (hyperedge-) decorated collage (over 
N) is a construct C = [PART, E, att, lab, pin), where [PART, pin) is a collage, E 
is a finite set of hyperedges, att: E ^ (Il¥^)* is a mapping, called the attachment, 
and lab: A — > A” is a mapping, called the labelling, such that for each hyperedge 
e G E there is a unique affine transformation a(e) : ^ satisfying att{e) = 

a(e)(pm;^f,(g)). The class of all decorated collages over N is denoted by C{N), 
and PARTc, Eq, attc, labc, and pinQ denote the components of C G C{N). 

A collage can be seen as a decorated collage C where Eq = 0 . In this sense, 
C C C{N). Thus, we may drop the components Eq, attc^ and labc if Ec = 0 - 
Furthermore, we will use the term collage also in the case of decorated collages 
as long as this is not a source of misunderstandings. 

Example 1 (collage). Collages will be depicted as shown in Figure 1. Pin points 
and attachment points of hyperedges are drawn as small bullets. The pin points 
are numbered according to their order in the sequence of pin points. A hyperedge 
is represented as a square carrying its label inside, together with numbered lines 
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• • 

1 2 

Fig. 1. A collage 



indicating the attachment. If the sequence of attachment points is obtained from 
the sequence of pin points by scaling and translation only, then the numbers are 
dropped (see the i3-labelled hyperedge). < 



Let A be a label in N. The handle induced hy A is the decorated collage 
A* = {lh,{e},att,lab,pinj^) with lab{e) = A and att{e) = pinj^. (Recall that 
pinj^ denotes the sequence of pin points associated with the label A.) 

Removing a set i? C Ec of hyperedges from a collage yields the collage 
C — B — [PARTc, Ec \ B, att, lab, pine), where att and lab are the restrictions 
of attc and labc to Ec \ B, respectively. 

The addition of a collage C" to a collage C is defined by C + C" = {PARTc U 
PART c , Ec W Ec, att, lab, pine), where l±) denotes the disjoint union of sets, 



att{e) 



attc{e) for e G Ec 
attc (e) for e G Ec , 



and lab{e) 



labc{e) for e G Ec 
labc{e) for e G Ec- 



As an abbreviation, one may write C + for C + Ci + • • • + C„. 

The transformation of a collage C by a transformation a: ^ is given 

by a{C) = (a{PARTc), Ec, att, labc, o(pin^)), where att{e) = a{attc{e)) for all 
e G Ec- 

Hyperedges in decorated collages serve as place holders for (decorated) col- 
lages. Hence, the key construction is the replacement of a hyperedge in a deco- 
rated collage with a (decorated) collage. While a hyperedge is attached to some 
points, a (decorated) collage is equipped with a number of pin points. If there 
is an affine transformation which maps the pin points to the attached points of 
the hyperedge, the transformed (decorated) collage may replace the hyperedge. 

Let C G C{N) be a collage and let B C Ec- Furthermore, let repl : B C{N) 
be a mapping such that, for all e € B, there is a unique affine transformation 
a(e) which satisfies attc{e) = a{e){pin^^pif^^-^)- Then the replacement of B in C 
through repl yields the decorated collage C[repl\ constructed by 



1. removing the hyperedges in B from C, 

2. transforming repl{e) by a(e) for all e € B, and 

3. adding the transformed collages a{e){repl{e)) to C — B. 

Thus, to be more precise, C[repl] = {C — B) + a{e){repl{e)) - 
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Whenever a notion of replacement like the one above is given, one may easily 
define productions, grammars, and derivations. In our particular case this leads 
to the notions of collage grammars and languages. More specihcally, we will di- 
rectly introduce table-driven collage grammars. Their definition is inspired by 
the well-known notion of TOL systems, i.e., table-driven context-free Linden- 
mayer systems (see, e.g., [KRS97]). This is why we shall call these grammars 
TOL collage grammars. 

Let TV be a set of labels. A production (over N) is a pair p = {A, R) with 
A G N and R G C{N) such that pin^^ is the pin point sequence of R. A is called 
the left-hand side of p and R is its right-hand side, denoted by Ihs (p) and rhs (p ) , 
respectively. A production p = (A,R) is also denoted by A ::=p R or simply 
A ::= R. 

Let C G C{N), B C Ec, and let P be a set of productions over N. We 
call b: B P a base on P in C if, for all e G P, labc{e) = lhs{b{e)). As, 
moreover, pinif^^^^^g^^ = there is a unique affine transformation a(e) 

which satisfies the equation attc{e) = a(e)(pm^^,,( 5 (g))); for all e G P. Thus 
we can say that C directly derives C G C{N) through 6 if C" = C[repl], where 
repl{e) = rhs{b{e)) for all e G B. A direct derivation is denoted by C=>pC'. 
A sequence C =4>p C of direct derivations is called a derivation from C to C". 

Definition 2 {TOL collage grammar). A TOL collage grammar is a system 
G = {N,T,Z), where N is a finite set of nonterminal labels (or nonterminals, 
for short), T is a finite set of tables with each table P G T being a finite set of 
productions over N such that {lhs{p) \ p G P} = N, and a decorated collage 
Z G C(N) is the axiom. 

For collages C,C' gC (N) we write C =^t C' if C derives C' through a base 
b\ Ec P for some P gT. The collage language generated by G is 

L{G) = {CgC\Z^G}. o 

One may write G =G> G' for C =>t G' if T is understood. Notice that every 
direct derivation is required to replace all hyperedges of a collage in parallel. 
This is essential because otherwise the division of the set of productions into 
tables would be meaningless. Notice also that every table contains at least one 
production for each left-hand side A G N, which implies that every table can be 
applied at any step of a derivation. 

Examples 3. The first example is the TOL collage grammar Ghilbert = ({A, P}, 
{{pi^P 2 },{p'i,p' 2 \}tB*), where pi, P 2 , p[, and p '2 are as shown in Figure 2 and 
pinp = pin.,,f^,,(^p^y This grammar generates all regular approximations of the 
Hilbert curve, of which some are shown in Figure 3. 

The second example is the collage grammar Gspeokles = ({A, B, C}, {Ti, T 2 }, 
A*), where Ti = {pi,P 2 ,Ps\ and T 2 = {p'i,p' 2 ^p's} contain productions as shown 
in Figure 4 and = pin.^f^g(^py. The patterns of some of the collages in the 
language Pspeckles are depicted in Figure 5. <1 
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• 1 



1 



2 



Fig. 2. The productions of the TOL collage grammar CGbilbert in Example 3 




Fig. 3. Pictures generated by the collage grammar CGhilbert 



A ;:= 

PI 




B :;= 

P2 




C ::= 

P3 




A :~ 

p'l 



B :;= 

P2 




Fig. 4. The productions of the TOL collage grammar GGspeckles in Example 3 
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3 Mutually Recursive Function Systems 

A mutually recursive function system is a finite directed graph the edges of which 
are labelled with affine transformations on . If each node is associated with 
a picture, i.e., a set of points in W^, the Hutchinson operator can be applied. It 
yields for each node the union of the pictures one obtains if the transformation 
of each edge is applied to the picture of its source node and the result is put 
to the target node. Starting from an initial picture for each node, the iteration 
of the Hutchinson operator yields an infinite sequence of pictures for each node. 
Moreover, one may distinguish one of the nodes and consider its picture sequence 
as the semantics of the system. 

Definition 4 {mutually recursive function system). A mutually recursive 
function system is a construct M = {F, V, nb, dis), where 

— F is a finite set of affine transformations on , 

— H is a finite set of nodes, 

— ti 6 is a neighbourhood function mapping each node u € V to a subset nb{v) C 
V X F, and 

— dis S H is the display node. 

Let A be a F-vector of pictures, i.e. A{v) C IR^ for each v G V. Then the 
Hutchinson operator yields a F-vector of pictures H{A) given by: 

H{A){v) = t{A{v)) for v G V. 

(v,t)Gnb{v) 

Choosing an initial F-vector Aq of pictures, the iteration of the Hutchinson 
operator extends Aq into an infinite sequence of F-vectors of pictures 

by letting A^+i = H{Ai) for z e N. The inhnite sequence of pictures (Ai(dzs))igN 
is called the picture sequence of M w.r.t. Aq. o 

If one requires in addition that all transformations in F are contractions, 
our notion above coincides with Peitgen’s, Jurgens’, and Saupe’s dehnition of 
hierarchical iterated function systems in [PJS92] and with Culik II and Dube’s 
concepts of mutually recursive function systems and affine automata in [CD93a] . 
The contraction property guarantees the existence of an attractor, which is not 
needed in this paper (cf. the end of this section). 
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The graph structure underlying a mutually recursive function system is given 
in terms of a neighbourhood function rather than a set of edges because the 
Hutchinson operator is more easily defined in this way. However, a neighbour- 
hood function nb represents the set of edges E = {(u, t, v) \ (v, t) € nb(v)} where 
the first component is the source node, the second the label, and the third the 
target node. Conversely, a set of edges E C VxFxV induces the neighbourhood 
function given by nb(v) = {(u, t) | (v, t, v) G E} for all v gV. 

Examples 5. The first example is the mutually recursive function system HILBERT 
which approximates the Hilbert curve. It consists of two nodes and eight edges 
forming the graph 



where the display node B is indicated by >■ and parallel edges are represented 
by a single edge labelled with the list of the original labels. The eight affine 
transformations are defined according to the following table giving, for each 
transformation, the scaling factor, the rotation angle in degrees (for counter- 
clockwise rotation), and the translation vector: 






scaling 

factor 


rotation 

angle 


translation 

vector 


tl 


1/2 


0 


(0,0) 


t2 


1 


0 


(0,0) 


ts 


1 


270 


(2,2) 


t4 


1 


180 


(4,0) 


ts 


1/2 


0 


(0,1) 


te 


1/2 


0 


(2,1) 


tr 


1/2 


270 


(1,0) 


ts 


1/2 


90 


(3,-2) 



In Figure 3, the fourth to seventh picture of the picture sequence of HILBERT 
w.r.t. E[q are depicted, where the vector Hq comprises as initial picture for node 
A the straight line with the end points (1,-1) and (1,1), and as initial picture 
for node B the empty set of points. The i-th iteration of the Hutchinson operator 
yields at the node A the straight line with end points (2“*, —2“®) and (2“*, 2“®), 
for i G N. 

The second example SPECKLES is given by the graph: 
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The four affine transformations have all the scaling factor 1/2. In addition, ti 
translates by (0,1), by (1,0), and by (1,1). 

If one chooses as initial pictures of the nodes A and B the empty set and as 
initial picture for the node C the square with the corners (0,0), (2,0), (2,2), and 
(0,2), forming the vector So, one obtains the pictures in Figure 5 as the fifth to 
eighth picture of the picture sequence of SPECKLES w.r.t. So- < 

If a mutually recursive function system M = {F, V, nb, dis) has only one node, 
i.e. V = {dis}, and maximum neighbourhood, i.e. nb{dis) = {dis} x F, then M 
is uniquely determined by the set F. In this case, the Hutchinson operator just 
applies all transformations to the given picture and overlays the results: 

H{A){dis) = U ‘(-4(f)) = U t{A{dis)) = [J t{A{dis)) 

{v,,t)^nb{dis) {disd)^{dis}'xF t^F 

In other words, such a mutually recursive function system coincides with the 
well-known notion of an iterated function system. If, moreover, the set of trans- 
formations contains the identity, the case of iterated function systems with con- 
densation is covered. 

Under certain conditions, mutually recursive function systems allow the def- 
inition of fractal pictures. If the compositions of the transformations along all 
simple cycles in the underlying graph of the mutually recursive function system 
are contractions^, the infinite sequence of U-vectors of pictures turns out to be 
a Cauchy sequence provided that the initial pictures are compact sets. Hence it 
has a limit, which is often called the attractor of the mutually recursive function 
system and can be shown to be the fixed point of the Hutchinson operator. 

4 Correct Translation 

We are now able to present the correct translation of mutually recursive function 
systems together with initial vectors of pictures into TOL collage grammars. The 
nodes of an input system become the nonterminal labels with the display node 
as axiom. For each such label v, there are two rules with v as left-hand side. 
The required pin points can be chosen arbitrarily; but to guarantee correctness, 
the pin points of v must uniquely identify affine transformations, i.e., ti(pm„) = 
t 2 {pin^) implies t\ = t 2 - This means that there are at least d + 1 distinct pin 
points and d of them form a basis of . Hence, a standard choice of pin points is 
the set of the d unit vectors together with the 0- vector 0. The pin point condition 
allows the encoding of a transformation by transforming the pin points. This is 
used in the construction of the first right-hand side of u. It has the neighbourhood 
nb{v), i.e., the incoming edges of v, as hyperedges. Each such hyperedge {v, t) G 
nb{v) has v as label and t{pin^) as attachment points, encoding t in this way. 
The second right-hand side of v has no hyperedge, but the initial picture of v as 

^ A transformation A: R** ^ R'* is a contraction if there is c < 1 such that for all 
a:, j/ G R**, dist{t(x), t{y)) < c ■ dist{x, y). 
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only part. All rules of the latter type belong to one table, all rules of the former 
type to another. 

Construction 6. Let M = {F, V, nb, dis) be a mutually recursive function sys- 
tem and Aq an initial C-vector of pictures, i.e., Aq{v) G for v G V. Moreover, 
let pin be an arbitrary choice of pin points for each v G V, i.e., pin^ G (W^)* , 
subject to the condition that t\{pin^) — t2{pin^) implies t\ = t2 for all afhne 
transformations t\ and t2- 

Then the translation of M, Aq, and pin yields the TOL collage grammar 
CG{M,Ao,pin) = (V,{Pi,P2},dis*), where Pi = {{v,Ri{v)) | n G C} with 
Ri{v) = {^,nb{v),attv,labv,pin^) and atty and laby defined by atty{{v,t)) = 
t{piny) and laby{{v,t)) = v for all {v,t) G nb{v), and P2 = {(f,i?2(v)) \ v gV} 

withi?2(v) = ({Ao(u)},0,0,0,pm„). 

The pin points do not have to be part of the input of the translator because 
there is a standard choice given by Oui ■ ■ - Ud with 0 = ( 0 , . . . , 0 ) and Ui = 
( 0 , . . . , 0 , 1, 0 , . . . , 0 ) for i = 1, . . . , d. □ 

2—1 d—i 



Examples 1. Consider the mutually recursive function system hilbert and the 
vector ido of initial pictures given in Examples 5. If one chooses = (0, —2) 
(2, 0)(0, 2) as pin points of A and pin^ — (0, —2) (4, —2) (4, 2)(0, 2) as pin points of 
B, then the translation yields the TOL collage grammar CGhilbert of Examples 3, 
i.e., GG(hILBERT, idg, p*7l) = GGhilberT' 

Analogously, the translation of SPECKLES and the vector Sq of Examples 5 
yields GGspeokles of Examples 3 if the pin points are chosen as = pin^ = 

pmc = (0,0)(2,0)(2,2)(0,2). < 

The TOL collage grammars resulting from the translation have a special 
structure. In each of the two tables, there is exactly one rule for every label, and 
all right-hand sides of the second table are terminal. Hence, every derivation 
applies the hrst table for some steps and ends possibly with an application of 
the second table. Moreover, each derivation step is uniquely determined by the 
choice of the table. In particular, for each v there is exactly one terminal collage 
Cy^n which is derived from the handle of v through n applications of the first 
table followed by an application of the second table. If one applies the Context- 
Freeness Lemma of collage grammars to such a derivation for n-Fl, one obtains a 
characterization of Cy^n+i in terms of R\{v) and Cy^n for all labels v. Altogether, 
these considerations lead to the following observations. 



Observations 8. Let M, Aq, pin and CG{M, Ao,pin) be as in the construction 
above. Then the following hold. 

1. For V G V and n G N, there is exactly one derivation of the form 



Pi 



■Cy 



P2 



■Cy 



2. Let V* G be a derivation with v G V and C G C. Then there is n G N 
with Cy^n = C. 
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3. In particular, L{CG{M, Aq, pin)) = {Cdis,n \ n € N}. 

4. For V G V and n G N, we have Cv^n+i — Ri{v)[repl] with repl : nb{v) Cy 
given by repl{{v,t)) = Cy^n for all (v,t) G nb{v) (with t{piny) = attv{{v,t) j). 

5. In particular, 

PARTcy,^_^, = U t{PARTc,,J. □ 

{v,t)Gnb{v) 

These observations allow to prove the correctness of the translations, i.e., that 
the derivation process of the collage grammar simulates the picture generation 
process given by the Hutchinson operator. 

Theorem 9. Let M, Aq, pin, and CG{M,Ao,pin) be as in the eonstruction 
above. Let (Hi)igN be the infinite sequence of V-vectors of pietures specified by 
M and Aq through the Hutchinson operator. Let Cy^n for v G V and n G N be 
as in the observations above. 

Then pattern{Cy^n) = An{v) for all v € V and n G N. 

In particular, pattern{L{GG{M, Aq, pin))) = {An{dis) \ n G N}. 

Proof (by induction on n). If n = 0, then pattern{Cyfi) = pattern{R 2 {v)) = 
pattern{{Ao{v)}) = Glo(u). 

Let the statement hold for n. Using the observations above, the induction 
hypothesis, and some properties of sets of points and affine transformations, we 
obtain for n + 1: 



pattern{Cy^n+i) = {x G 
= {a; G 
= {a; G 
= {a; G 
= {a; G 



X G part, part G PARTcy^^^i} 

X G part, part G t{PARTc^^„), (v,t) G nb{v)} 

X G t{part'), part' G PARTc„^„, (v,t) G nb{v)} 
X G t{pattern{Cy^n)), {vfi) G nb{v)} 

X G t{A„{v)), {v, t) G nb{v)} = H„+i(u) 



Finally, the proof is completed by the following specialization: 

pattern{L{GG{M, Ao, pin))) = pattern{{Cdis,n \ n G N}) 

= {pattem{Cdis,n) | n G N} 

= {An{dis) I n G N}. □ 



5 Conclusion 

We have presented a correct translation of mutually recursive function systems 
into TOL collage grammars. Clearly, this sheds some light on the relationship 
between two picture generation methods which are inspired by different areas: 
fractal geometry and formal language theory. What is gained in addition? First 
of all, as iterated and mutually recursive function systems are frequently used 
in visualization and animation, the translation provides a wealth of examples 
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of TOL collage grammars - and of context-free collage grammars as well by 
ignoring the table structure. Moreover, one may try to carry over concepts and 
results known for iterated and mutually recursive function systems to TOL col- 
lage grammars, and vice versa. Working out such synergy effects will be subject 
of future research. The results do not seem to be obvious because the two ap- 
proaches have quite different focusi. 

While collage grammars and mutually recursive function systems are studied 
in this paper, Culik II and Dube [CD93b] have related mutually recursive func- 
tion systems with L-systems - and there are other candidates for comparison like 
chain-code picture languages. Further research is expected to lead to a unified 
theory of picture-generating devices. 

Acknowledgement. We would like to thank Frank Drewes for many enlight- 
ening discussions on the subjects of this paper and the anonymous referees for 
their helpful hints. 
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Abstract. This paper introduces a class of graphs associated to linear 
bounded machines. It is shown that this class is closed, up to observa- 
tional equivalence, under synchronized product. The first-order theory 
of these graphs is investegated and shown to be undecidable. The latter 
result extends to any logic in which the existence of sinks may be stated. 



1 Introduction 

Finite transition systems together with their synchronized product define a sim- 
ple and elegant theoretical framework for specification and verification of systems 
of communicating processes. This framework is known as the Arnold-Nivat ap- 
proach PCS|. A number of equivalent approaches as e.g. CCS HD or Meije |2j 
and decision procedures for various logics (see e.g. 0 and El) have provided 
grounds for the model checking (see e.g. or El)- In spite of encouraging 
time-complexity results in this area, the approaches based on finite transition 
systems encounter space-complexity problems. To face up these problems, many 
compression-like techniques, as e.g. binary decision diagrams, have been deve- 
loped 0. 

The problem of storage space for a representation of a process may be over- 
come using (possibly) infinite transition systems. Among these, the best known 
are the pushdown transition systems viz the transition graphs of pushdown ma- 
chines. Since the result of El about the decidability of the monadic second-order 
logic of these graphs, more general families of graphs that enjoy this decidability 
property have been discovered in terms of several descriptions (see [Z| and [S|). 

Although the latter approaches provide an increased expressive power, they 
did not give rise to an important development of the “infinite model checking” 
theory and practice. In the authors’ opinion, this is due to the fact that interac- 
ting processes cannot be described within these approaches, because the classes 
of graphs of and El are not closed under the synchronized product. 

The classes of finite (resp. pushdown) transition systems are naturally related 
to rational (resp. context-free) languages. Both classes have been already inve- 
stegated, the former more deeply than the latter. But almost nothing is known 
about graphs related to the next level of the Chomsky hierarchy, namely the 
context-sensitive languages. The present paper goes into this direction with the 
emphasis on the synchronized product. 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 362-^7^ 1999. 
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We consider a multi-tape linear bounded machine with a single, read-only 
input tape and we define the transition graphs of such devices. We study two 
transformations on these machines. The first-one is similar to the usual simu- 
lation of a multi-tape Turing machine by a single-tape one. The second-one 
consists in a construction of a multi-tape machine that behaves like several 
communicating single-tape machines. In both cases, we show that the trans- 
formations preserve observational equivalence of associated graphs (this is the 
main difference with the usual treatment where isomorphisms are considered.) 
The composition of both transformations allows to establish that the class of 
graphs of linear bounded machines is closed, up to observational equivalence, 
under synchronized product. 

Unfortunately, as established in the paper, the first-order theory of the gra- 
phs of linear bounded machines is not decidable. 

2 Preliminaries 

Throughout this paper, the empty word is written e and, if n G IN, [n] stands 
for the set {I, . . . , n} (with [0] = 0). 

2.1 Rooted Graphs, Their Synchronized Product and Their 
e- Equivalence 

A simple directed edge-labelled graph Q (or more simply a graph) over C is a set 
of edges, i.e. a subset of D x C x D where D is an arbitrary set, the elements of 
which are called the vertices of Q and C is an alphabet possibly extended with 
the empty word. Given d and d' in D, an edge from d to d' labelled by c S C is 
written d A d'. Thus, A is a binary relation on D for each c G C. A (finite) path 
in Q from d to d' is a sequence of edges of the form dg A di, ... , d„_i A dn such 
that do = d and dn = d' . The word w = Ci . . . c„ is then the label of the path. In 
this case, we may write d^ d' . We shall constantly consider graphs, the vertices 
of which are all accessible from some distinguished vertex. Thus, a graph Q is 
said to be rooted on a vertex d if there exists a path from d to each vertex of Q. 
The maximal subgraph of Q that is rooted on a vertex e is written G[e]. 

Synchronized Product of Rooted Graphs. The synchronized product of graphs 
has been introduced by Arnold and Nivat Ema . It is an essential part of the 
semantic of interacting processes. For more material, the reader may refer to 
IP. We introduce here a definition that is a variant of Arnold and Nivat ’s one. 
Indeed, in the scope of this paper, we need a product that takes as entry some 
rooted graphs and returns a rooted graph as well. Given n alphabets C\, . . . ,Cn 
possibly extended with e, a synchronization constraint C over C'i,...,C'„ is a 
subset of riie[n] A- Let Qi[di], . . . , 5„[d„] be some rooted graphs over Ci, ... , 
Cn- The synchronized product of Qi[di], . . . , Qn[dri\ with respect to C, written 
riiG[ra] A[d i], is the graph G[{di, . . . ,d„)] where 

C/ = {eAe'|cGC and Vj G [n \ , a A e' G Gi [di ] } . 
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In this definition, (resp. Ci, resp. e') stands for the coordinate of tuple e 
(resp. c, resp. e'). 

e-Equivalence of Rooted Graphs. In the following definition, ---y stands for the 
reflexive-transitive closure of A- and — ->■ = — ^oAo — + for any a in alphabet 
E. Let Qi[ei] and t/2[c2] be two rooted graphs over E U {e} with sets of vertices 
respectively Di and I?2- These graphs are said to be e-equivalent if there exists 
a relation ^ Di x D2 such that: 

1 . Dom(<~w) = Di and Ran(<~w) = D2; 

2. ei 62; 

3 . for each a in E, each path di — d[ in and each vertex d2 of t/2[e2] 

such that di ^2, there exists a vertex d'2 in t/2[c2] such that d'l d'2 

and d2 — ->■ d'2 is a path of G2[^2]l 

4 . for each a in E, each path d2~-^d'2 in t/2[e2] and each vertex di of 

such that di d2, there exists a vertex d'l in such that d'l d'2 

and di d'^ is a path of Gi[ei]. 

It should be noted that e-equivalence is an observational equivalence (also cal- 
led weak bisimulation) as defined by Milner in m if one considers e to be a 
nonobservable event. 



2.2 Linear Bounded Machines and Their Graphs 

We use a definition of a Linear Bounded Machin^ (LBM for short) that is 
slightly different from standard ones and has a flavour of a Chaitin computer 
1 ^. Our motivation does not rely on any languages theory aspect. Actually, we 
are interested in LBM’s as an approach for modelling process behaviour that is 
defined as a graph associated to an LBM. For that matter, we need LBM’s such 
that the motion of the input tape head is one-way, from the left to the right. 
When this head moves from a cell c to the right neighboor of c, the machine 
reads the content of c. Moreover, the work tapes are infinite to the left and to 
the right and, in addition to the usual moves (left and right), each work tape 
head may stay at its place. 

Formally, a k work tape LBM £ is a tuple {Q, E, Fi, . . . , Fk,S, go) where Q 
is the finite set of states, E is the input alphabet, £1, . . . , £), are the work tape 
alphabets, qo is the initial state, and S is the set of transitions: 

S C Q X E U {e} X Fi X ■ ■ ■ X Fk X Fi X {◄, ►, ■} x • • • x A x {◄, ►, m} x Q 

where ◄ (resp. ► and ■) symbolizes a move to the left (resp. a move to the right 
and no move) and an input e represents the special case where the input tape 
head of £ does not move and does not read any character. We assume that the 
blank character, written D, belongs to each Fi. 



^ A linear bounded machine is a linear bounded automaton with no final state. 
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An internal configuration {giiqi'i, . . . , gikqvk) of C is an element of the set 
A*-Q-A* X ••• X rk*.Q.rk*. This encodes the description of £ at a time as 
follows: q is the current state, for all i in [A:], is the content of the work 
tape from the leftmost nonblank character to the rightmost nonblank character 
and for all i in [k], the head of the work tape is reading ly^’s first character or 
n if is empty. Note that for all i in [k] , both Hi or Vi may contain D. An internal 
configuration, every coordinate of which equals qo, is called initial configuration 
of £. 

To every LBM £ = {Q, A, £i, . . . , <5, qo) we associate the graph Qc[l\ where 

L is the initial configuration of £ and Qc is defined as follows. The vertices of 
Qc are all the internal configurations of £ and the labels of Qc belong to the set 
A U {£}. Moreover, {fiiqi^i , . . . , gikqvk) ■ • ■ > is an edge of Qc 

if and only if for each i G [k], there exist Xi,Yi G Fi and 4^ G {◄,►,■} such 
that (g, c, Xi , . . . , Xk, Yi, ^i, . . . , Yk, ^k,q') G S and either =◄ and one of the 
following holds: 

G Fi , G £j, fii cx^ and, if ^ ? 

then u[ = ZiYifii, else = e; 

— Hi = e, 3ui G rfi, Vi = XiUi, /r' = £ and, if ^ {D}*) then v[ = UYitti, 
else v[ = S] 

— Xi = W, Hi = £, Vi = s, Hi = £ and, if Yi D, then v[ = DYj, else v[ = £; 
or =► and one of the following holds: 

— 3ai G Fi*, Vi = Xiai, v[ = a* and, if HiYt ^ {D}*, then Hi = k^iYi else Hi = £'i 

— Xi = W, Vi = £, v[ = £, and if HiYi ^ {D}*, then /i' = HiYi, else Hi = 

or = ■ and one of the following holds: 

— 3oj G Fi* , Vi = Xiai, Hi = ki and, if ^ {□}*, then v[ = YiUi, else v[ = £; 

~ Xi = W, Vi = £, Hi = ki and, if Yi D, then v[ = Yj, else v[ = e. 

We say that two LBM’s are e-equivalent if the associated graphs are so. 

3 Multi— work Tape LBM’s 

In this section, it is established that every LBM with k work tapes is e-equivalent 
to an LBM with one work tape. This is done by providing a construction of the 
one work tape LBM from the k work tapes one. 

It is important to note that this result is not necessarily a consequence of the 
fact that the languages recognized by the linear bounded automata with n work 
tapes are the same as those recognized by the linear bounded automata with 
m work tapes, for all n and m in IN (a linear bounded automaton is an LBM 
provided with a set of final states). When two kinds of devices accept the same 
family of languages then the classes of graphs generated by both devices need 
not to be the same up to observational equivalence. For instance, the graphs of 
pushdown automata are not, in general, e-equivalent to the graphs of realtime 
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pushdown automata whereas both kinds of automata accept exactly the family 
of context-free languages. 

Let C = (Q, L", A, • ■ • , A, iJ, <Zo) be a fc work tape LBM. The one work tape 
LBM that is e-equivalent to C, is constructed in the following way. On 
one hand, the work tape inscription of C consists of the concatenation of the 
inscriptions of all the work tapes of C separated by delimiters. On the other 
hand, the motion of the k work tape heads of C is simulated by the single work 
tape head of C by means of head marks. 

More precisely, we introduce the following new characters: for each t in [A:+l], 
a delimiter, written %i, and, for each work tape character X, a correspon- 
ding head mark, written X. In the sequel, for all i in [A:], denotes the set 
{X I X G A}- An internal configuration . . . , ^kQi^k) of C is simulated by 

an inscription %i aiXiPi %2 ... %k otkXkfik %k+i on the work tape of C . This 
inscription is such that, for each i in [fc], t'i yf e =k G {n}*, t'iyi = XiPi), 
v^ = e ^ {Xi=U and A G {D}*) and dy* G {D}*, = ca. 

The LBM CJ simulates £ in the following way. First, in order to simulate the 
initial configuration of £, CJ copies the word %i D %2 ... %fc □ %k+i on its work 
tape. Let 5copy denote the set of transitions of C performing this copy, Qcopy 
denote the set of states involved in Aopy and suppose that after these operations, 
C switches to state qg. A computation for C consists in overprinting a character 
Yi on a character Xi on each work tape i and possibly moving the head of i to 
the left or to the right. This is simulated by C in the following way. If C does 
not move the head of i, then C' overprints A on Xi. If £ moves the head of i 
to the left (resp. right), then £' overprints A on Xi and, if Z is the character 
written to the left (resp. right) of 1), it overprints Z on Z . Overprintings on each 
jth portion of the work tape of C' {i.e. the part of this tape corresponding to the 

work tape of £) that are due to a transition t G 6 are performed by means 
of state qt^i. Moreover, in order to perform each overprinting due to t, the work 
tape head of £' must be able to move from the portion of the work tape to 
the next one to the right (if it exists); this is done by means of the state mty, 
when the last overprinting is done on the fc**' portion, the work tape head comes 
back to the first portion of the tape by means of the state mt^k- 

Whenever £ is placing the head of i before the beginning (resp. after the 
end) of the inscription, £' has to insert D to the right of %i (resp. to the left of 
For that matter, £' shifts to the left (resp. to the right) the portion of 
its inscription from %i to %i (resp. from %i+i to %k+i) and then writes D in 
the right cell. These operations are performed by a set of transitions denoted by 
Sshift and they start from G Qshift (resp. rt,i+i G Qshift) where Qshift is 
the set of states involved in 5shi ft ■ We suppose that after shifting the portion of 
its tape and writting D, £' switches to ruty. 

Finally, take it that £' = {Q' , X , F' , Scopy U Sshift U S',qo') where Q' is the 
set Q U \^qt.i | t G and % G [A:]} U | A G (5 and % G [A:]} U Qcopy U Qshift ? £ 
is the set A U • • • U A U {%i, . . . , %k+i} U Hi U • • • U and 6' is constructed 
this way: t = {q,c,Xi , . . . , Xfc, A, A 2 , ^ 2 , ■ • .,Yk,^k,q') G ^ if and only if the 
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following set is part of 5'-. 

{(g,c,Xi, Yi,4i,gt,i)} U {{qt,i,e,X,X,>-,mt,i)\i€[k-l], X € Fi] U 
{{qt,i,e,%r,%i,U,lt^i)\i &[k\) U {{qt,i,e,%i+i,%i+i,m,rt,i+i) \ i & [k]) U 
{(9t,fc) *1 Wt.fc) I ^ G -Tfc} U 



{{mt,i,£,X,X, \ i&[k-l], X &Ti\J {%i+i} \J Ti+i] IJ 

{ j £f Xi^i , Yi^i , ^ j_|_i , qi^2+i^ I i G [/c 1] I 

{{iTit,k, £, X, X, A,mt^k) I X € Uie[fc] {%i> • ■ • > ^ Uie[fc]\{i} U 

{{rnt,k,£,X,X,m,q') | X G A} . 

Consequently, the internal configurations of C are the elements of 

%i.A*.Q'.ri*.Hi.ri*.%2.A*.H2.A*.%3 ...%feA*.Hfe.rfc*.%fe+i u ... 

(the work tape head may be located anywhere, so the dots mean “the same with 
Q' anywhere else”). 

Obviously, C is an LBM because the number of cells that are used on its 
work tape is a linear function of the size of the input word; this number is 
(fc + 1) + X)ie[fe] 'S'i(tt) where k + 1 stands for the number of cells containing a 
delimiter, n is the size of the input word and the Si are the k linear functions 
in the size of the input word of C. Note that the number of states of £' is in 
0(^k.\6\) and the number of transitions of £' is in 0(1^1- E.CW 1^*1)- 

In view of the definition of C' , the following proposition is straightforward. 
Proposition 3.1. Let i and l' denote the initial configuration of C and C res- 
pectively. Then, QcV] andQc'[d] are e-equivalent. 

4 Synchronized Product of LBM’s 

We consider n LBM Ci,i€ [n]. Suppose that for all i in [n], Ci has ki work tapes, 
Li denotes the initial configuration of Li and Li = {Qi, Ei, A,i, • ■ • , 90 i)- 

Let C C ^ synchronization constraint. The LBM composed 

according to C is the X)ie[n] work tape LBM L defined as follows: the set of 
states is IlieH input alphabet is C, the work tape alphabets are all the 

Tij for i G [n] and j G [ki], the initial state is {qoi, . . . , qo„), and the set of 
transitions consists of tuples 

a, (Xi , . . . , [Xnj)j^[k„] ) ^ij)ie[fci] > ■ ■ • > (^,i) ^n,i)jG[fcn] >9^ 

such that a G C and, for each i G [n], (g^, a*, , (Aj, , g') G <5*. 

Here, for each i G [n], stands for the sequence Xi^i ,...,Xi^ki and 
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stands for the sequence Yi^i , ♦i,! , . . . ,Yi^ki Moreover, qi 

(resp. tti, resp. q'^) stands for the i**' coordinate of tuple q (resp. a, resp. q'). Note 
that the number of states of C is equal to OiGH \Qi\ number of 

transitions of £ is at most equal to OiGin] 

Proposition 4.1. Let l denote the initial configuration of C. Then, graphs 
and riiG[n] ['■*] isomorphic. 

Proof. Let (j) be the one-to-one correspondence 

n A/-(ii such that 

ie[n] iG[fci] iG[n]jG[fci] iG[n] 



(.Tn ,lQnk*n ,1 : ■ • ■ : Tn,kn Qnk^n.kn ) J 
— (M1,i( 91) ■ ■ ■ ) 9n)i^l,l ) • ■ • ) (<Zl; • ■ • ) 9ri)^'n,fe„) ■ 

The roots ti, . . . , in and i are such that , i„) = c. Moreover, according to 

the definition of transitions of £, it is clear that d A d' is an edge of n^g[„] Gcim 
if and only if cj){d) A (fid') is an edge of Gc[i]- El 

In view of the above, the following corollary is obvious. 

Corollary 4.2. The class of graphs of LBM’s is closed, up to isomorphism, 
under synchronized product. 

The next corollary is obtained as a composition of Proposition 13. II and Pro- 
position o 

Corollary 4.3. The class of graphs of single work tape LBM’s is closed, up to 
e- equivalence, under synchronized product. 

5 An Example 

We consider a small portion of a railway network that is composed of three 
stations ^o, Si and S 2 linked together by a single track: 



do Oi dj ^ 02 







Si 




S 2 











oo "" di a'l ^ d2 



Train crossing is allowed only at station which has two platforms. Note that 
a train arriving to 5'i from Sq (resp. S 2 ) may go back to Sq (resp. S 2 ). We model 
the behaviour of this railway portion by means of a synchronized product of 
LBM’s. 

This portion of the railway network may be seen as a composed process in 
the sense that its behaviour is the result of the parallel working of station Si and 
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portions SqSi and S1S2 of the track. Note that this composed process, unlike its 
composing parts, is not a pushdown one i.e. its behaviour cannot be modelled 
by a pushdown transition graph. Indeed, suppose that left-to-right motions 
are distinguished from right-to-left motions. In the left-to-right direction, the 
departure of a train from Sq is represented by do, the arrival of a train at Si is 
represented by oi , the departure of a train from is represented by d'l and the 
arrival of a train at S2 is represented by 02. Notations for the other direction 
are depicted above. Then, if C/ is a rooted graph modelling the behaviour of the 
whole portion, the set Lang(^) of the labels of the paths from the root to any 
other vertex looks like 



G {oo, do, ai,di, a'l, d[, 02, ^2}* Vit, v G {oq, dg, ai, di,a'i,d[,a2,d2}*, 
uv = w^ (|m|oi < |mUo> Ha2 < |w|d' , |u|a/ < \u\d^, lulao < \u\d^, 

\u\di < \u\ai + \u\a[ and \u\d'_^ < |u|ai + |u|a'j| ■ 



Obviously, Lang(C/) is context^ensitive and one can establish, using Ogden’s 
Lemma, that Lang(^) is not context-free. But, if Q was the graph of a pushdown 
process, then Lang(^) would be a context-free language Thus, G is not the 
graph of a pushdown process. 

In order to model the behaviour of the portion of a railway network, we need 
the following construction. We associate to any LBM £ = {Q, S, Fi, . . . , Fk,S, go) 
the LBM C} — (Q, F,Fi,..., Fk, 6 U 5^, go) where 

S^ = {{q,e,Xi,...,Xk,Xi,U,...,Xk,U,q) IgeQand G [k], X, G F,} 



Observe that Gc^ differs from Gc only by e- loops added to each vertex by 5^. 

Let us now specify each part of this railway portion using LBM’s. The beha- 
viour of the track between Sq and Si can be modelled by the machine £g where 
A= ({go,9do,gai,gdi,gao},{ao,do,ai,di},{n,do,di},i5o,go) with 



{ (do ; do , D, do , H, ddo ) 5 (^0 7 di , I, qdi ) , (g^o 7 ^0 7 ^0 7 ^0 7 ^ 7 Pdo ) 7 

iddo 7 £7 ^7 ^7 "7 9o) 7 iddo ,ai,do,Q,<,qdo), {Pdo 7 £7 ^7 4 7 "7 9do ) 7 
(gdi , di , di , di , ► , pdi ) 7 (9di 7 £ 7 ^ 7 ^7 *7 9o) 7 idd^ ,ao,di,U,<,qd^), 
{pd^,e,Q,di,m,qdJ 



The graph of £0 may be depicted as follows: 



ddo 



ai 




<?di 




do 



Uq 




do 

di 



ai 



doPdo 



diPdi 



ao 



K doddgdo 

e 



diqd^di 
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Notice that Lang(C/£i), the set of the labels of the paths in from qo to any 
other vertex, is L* where 

L= {w € {do,ai}* I Vm,w G {<io,oi}* (uv = w ^ |M|ai < \u\d„)} U 

{w G {di,aoY I Vu,w G {di.Oo}* {uv = w ^ Iwlap < |uUJ} ■ 

This means that there cannot be more train arrivals than train departures in 
each direction on this portion of the track and that any train arriving at Si may 
go back to So- The behaviour of the track between Si and S2 can be modelled 
by the LBM £21 the input alphabet of which is {a'i,d'i,a2,d2}, defined in the 
same way as Lq. 

Station is composed of two platforms. One of them is modelled by the LBM 
-^11 = ({?a, Qd}, {a, d}, {D}, {(ga, a, D, D, ►, qd), {qd, d,D, D, 9 a)} U( 5 ji, ga) which is 
such that Lang(t/£i^) = (ad)*. The other one is modelled by the LBM the 

input alphabet of which is {a',d'}, which is defined in the same way as CY- 
Letters a, d, a! and d! have the same meaning as oq ... above. 

The whole portion of the railway network can now be modelled by the syn- 
chronized product of £q; "^11; "^12 with respect to the synchronization 

constraint C described as follows: any arrival to Si from a track corresponds to 
an arrival on a platform and any departure from a platform corresponds to a de- 
parture from Si to a track. Let Eq, Eh, E12 and E2 denote the input alphabet 
of Co, C\i, £12 and £| respectively. Then, constraint C is the set of the tuples 
(co, cii, C12, C2) G L'o U {e} X Ell U {e} x ^12 U {e} x 172 U {e} such that 

(co = oi (cii = a or C12 = a')), (c2 = a'l (cn = a or C12 = a')), 

(cq = di (cii = d or C12 = d')) and (c2 = d'l (cn = d or C12 = d')) . 

We do not give a complete description of the machine that models the whole 
portion of the network because it is quite a big machine (to have an idea, one may 
compute its number of states which is equal to |Qo| x |< 5 n| x IQ12I x \Q2\ = 100 
where Qo, Qii, Q12 and Q2 stand for the set of states of £({, C\i, C^ and C\ 
respectively). 



6 First-Order Logic on Graphs of Linear Bounded 
Machines 

Up to now, we have only addressed the problem of the specification of commu- 
nicating processes within an approach based on linear bounded machines. In the 
present section, we discuss the problem of formal verifications within this ap- 
proach. More precisely we assume that a system of communicating processes has 
been specified, viz each sequential process has been described by an LBM and 
their interaction has been expressed as some synchronization constraint. Up to 
£-equivalence, such a system may be represented by an LBM, the graph of which 
is a synchronized product of the graphs of composing processes. The verification 
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problem consists then in checking the truth of a formula of some logic on the 
resulting graph considered as a model-theoretic structure. 

Concerning the verification problem, we claim that in the area of LBM speci- 
fications, even for rather weak logics, one should not expect algorithmic solutions 
but rather semi-algorithmic ones. More precisely we establish that the first-order 
theory of the graphs of LBM’s is not recursive (even not recursively enumerable) . 

Formally, the first-order theory of a rooted graph Q Q D x C x D where 
C = S U {e:}, is defined as follows. The variables form an infinite countable set 
X and are interpreted as vertices of Q. The binary predicates Sc for each c € C, 
— and the unary predicate r allow to build atomic formulae. These predicates 
are interpreted on Q resp. as — >■, the identity relation on D and the singleton 
{e}, where e stands for the root of Q. Using classical connectives and quantifiers, 
from atomic formulae that are of the form Sc(a;, y), x — y or r(a;), first order 
formulae are constructed in the usual way. The set of valid sentences on Q, i.e. 
valid formulae on Q with no free variable, is called the first-order theory of Q. 
Example 6.1. The sentence 'i x3y VcgC v) belongs to the first-order theory 
of a graph Q if and only if Q has no sink. 

The indecidability result that we have to establish involves linear bounded 
automata (LBA for short). Formally an LB A £/ is a single-work- tape@ LBM 
C = (Q, X,r,S,qo) with a distinguished state f G Q, called the final state. The 
language accepted by £/, written Lang(£/), is the set of labels of all paths in 
the graph Gcl>'] from the initial configuration t to fifn for some fi,v G E*. Two 
LBA’s £/ and £^, are equivalent if Lang(£/) = Lang(£j,). 

The emptiness problem for LBA’s is the following decision problem. 
Instance: An LBA Cf. 

Question: Lang(£/) = 0 ? 

It is well known that this problem is not recursively enumerable. Using this fact, 
we can establish the following. 

Theorem 6.2. The problem 

Instance: An LBM £ and a first-order sentence ip. 

Question: Does ip belong to the first-order theory of Gc ? 

is not recursively enumerable. 

Proof. We show that the emptiness problem for LBA’s is many-one reducible 
to the problem of the statement. 

Let £/ = (Q, A, £, (5, go, /) be an LBA. Let £j = {Q' , E, E,S' ,qo, f) be an 
LBA equivalent to £/ and satisfying the following properties: 

(1) S' n ({/} X c X r X r X {◄, ►, ■} x q') = 0 , 

(2) i5'n({g} X C X {A} X £x {◄,►,■} X Q') 0 for all (g. A) e (Q\ {/}) x E . 

Such an LBA may readily be constructed. Concerning (1), for each rule of 5 that 
has the form (gi, ci, Ai, li, ^i, /), we add a rule (gi, ci, Ai, Yi, 4i, g') where 
g' ^ Q is a new state and each rule (/, C 2 , A 2 , Y 2 , ^ 2 , g 2 ) G <5 is replaced by the 

^ In fact an LBA can be multitape but for the purpose of the paper single-work-tape 
LBA’s suffice. 
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rule {q' ,C2,X2,Y2,^2,q2)- Concerning (2), we add a new state p ^ Q, the rules 
{p,e,X,X,m,p) for all X S C and for each (q,X) € (Q \ {/}) x F such that 
S n ({ 9 } X if X {X} X r X {◄, ►, ■} X (5) = 0, we add the rule (q, e, X, X, u,p). 

Now Lang(£/) = Lang(£j) and the following holds: a vertex pqi' of Gc'^ is a 
sink if and only if q = f. Consequently Lang(£j) = 0 if and only if the sentence 
of Example lOI belongs to the first-order theory of Gey C 

Taking into account the fact that the property of being a sink is expressible in 
the Hennessy-Milner logic PI , the following corollary may be derived from above 
proof. 

Corollary 6.3. The Hennessy-Milner logic is not semi-decidable on the graphs 
of IBM’s. 

We close this section by the following remark. If the existence of sinks is 
expressible within a logic, then it cannot exist a complete formal system for 
checking the truth of the formulae of the logic on graphs of arbitrary LBM’s. 

7 Conclusion 

We have defined transition graphs associated to a peculiar kind of linear boun- 
ded machines that read their input performing all computations on work tapes. 
The closure under synchronized product of the family of graphs thus defined 
has been established up to observational equivalence (considering e-transitions 
as non observable) using two transformations. We hope that both transforma- 
tions may be improved using some speedup and tape compression techniques 
so as to preserve bisimulation (or even isomorphism) instead of observational 
equivalence. 

As a consequence of the closure result and similarly to the Arnold-Nivat 
approach, the linear bounded machines provide a uniform framework for the 
specification of communicating processes. Moreover the expressive power within 
this framework seems to be very satisfactory. However, this has a counterpart 
in the undecidability result. We have established that the first-order theory of 
the graphs of linear bounded machines is not recursively enumerable. This result 
extends to any logic in which the existence of sinks may be stated. It may be 
observed that this is one of the weakest safety properties that one should be able 
to express within a logic usable for verification purposes, since it corresponds to 
the existence of deadlocks. In spite of this negative result, we believe that some 
semi-decision techniques adequate for the graphs of linear bounded machines 
may be developed for various logics. An elementary example of this kind may 
be found in ing. 

The transition graph of linear bounded machine has been defined as the 
maximal subgraph of the configuration graph that is accessible from the initial 
configuration. When this accessibility requirement is dropped, we have a transi- 
tion graph, the vertices of which are all configurations. Since our undecidability 
result was related to the reachability problem, more precisely to the language of 
an LBA, the emptiness problem for LBA does not lead to a similar result in the 
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latter case. Is the first-order theory of such graphs still undecidable ? Currently, 
we do not know the answer to this question. 
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Abstract. A (fractional) repetition in a word ui is a subword with the 
period of at most half of the subword length. We study maximal repeti- 
tions occurring in w, that is those for which any extended subword of w 
has a bigger period. The set of such repetitions represents in a compact 
way all repetitions in w. 

We first study maximal repetitions in Fibonacci words - we count their 
exact number, and estimate the sum of their exponents. These quantities 
turn out to be linearly-bounded in the length of the word. We then prove 
that the maximal number of maximal repetitions in general words (on 
arbitrary alphabet) of length n is linearly-bounded in n, and we mention 
some applications and consequences of this result. 



1 Introduction 

Repetitions (called also periodicities) play a fundamental role in many topics of 
word combinatorics, formal language theory and applications. Several notions 
of repetition has been used in the literature. In its simplest form, a repetition 
is a word of the form uu, commonly called a square. A natural generalization 
is to consider, instead of squares, arbitrary powers, that is words of the form 
u” = uu . . .u for n > 2. We call such repetitions integer repetitions (or integer 

n 

powers). If a word is not an integer repetition, it is called primitive. Integer 
repetitions can be further generalized to fractional repetitions, that is words of 
the form w = u^v, where n > 2 and u is a proper prefix of u. u is called a root 
of w. If u is primitive, quantity n -I- is called the exponent of w, and |u| is 
the period of w. Considering repetitions with fractional exponent may turn to 
be very useful and may provide a deeper insight of combinatorial properties of 
words |De.i72ILot8,1IMP92IMR,S95l( lS9BtTP99j . 

* The work has been done during the first author’s visit of LORIA/INRIA-Lorraine 
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Depending on the problem, the difference between the above three notions 
of repetition may not be relevant (for example if one wants to check whether a 
word is repetition-free) but, as will be seen below, may be important. Besides, 
if one wants to find (or to count) all repetitions in a word, it must be specified 
whether all distmct repetitions are looked for (that is, their position in the word is 
not relevant) or all the occurrences of (possibly syntactically equal) repetitions. 
In this paper we will be mainly concerned with the latter case, and we will 
sometimes say positioned repetitions to underline this meaning. 

When one considers (integer or fractional) repetitions in a word, it is natural 
to consider “maximal” ones, that is those which cannot be further extended to 
the right /left to a bigger repetition with the same period. However, the definition 
of maximality differs depending on whether integer or fractional repetitions are 
considered. In case of integer repetitions, this amounts to those repetitions , 
k > 2, which are not followed or proceeded by another occurrence of u. In case 
of fractional repetitions, a maximal repetition is a subword u^v {v a prefix of 
u, n > 2) which cannot be extended by one letter to the right or to the left 
without changing (increasing) the period. For example, the subword 10101 in 
the word w = 1011010110110 is a maximal fractional repetition (with period 2), 
while the subword 1010 is not. Another maximal fractional repetitions of w are 
prefix 10110101101 (period 5), suffix 10110110 (period 3), prefix 101101 (period 
3), and the three occurrences of 11 (period 1). 

In this paper we study maximal positioned fractional repetitions that, for the 
sake of shortness, we will call simply maximal repetitions^. Maximal repetitions 
are important objects as they encode, in a most compact way, all repetitions in 
the word. For example, if we know all maximal repetitions in a word, we can 
easily obtain all squares in this word, with both primitive and non-primitive 
roots. 

The question “How many repetitions can a word contain?” is interesting from 
both theoretical and applicative perspective. However, one must specify carefully 
which repetitions are counted. 

A word of length n contains 0(n log n) positioned primitively-rooted squares. 
This follows, in particular, from Lemma 10 of pUK,9^ which asserts that a word 
cannot contain in its prefixes more than log^ n primitive-rooted squares which 
immediately implies the nlog^n upper bound (</) is the golden ratio). On the 
other hand, in it was shown that Fibonacci words contain l7(nlogn) 

positioned squares. Since all squares in Fibonacci words are primitively-rooted, 
this proves that 0(n log n) is the asymptotically tight bound. A formula for 
the exact number of squares in Fibonacci words has been obtained in lEsnn|. 
Note that in contrast, the number of distinct squares in Fibonacci words and 
in general, the maximal number of distinct squares in general words (over an 
arbitrary alphabet) is linear in the length |FS99IFS98| . 

The situation is different if only distinct squares are counted. In l^l , it is 
shown that the fc-th Fibonacci word fk contains 2(|/fc_2| — 1) = 2{2 — (j))\fk\ + o{l) 

^ maximal repetitions have been called runs in |lMS97j . maximal periodicities in 
|IVIa.i3h| . and m-repetitions in [KK98j 
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distinct squares is the golden ratio) . The number of distinct squares in general 
words of length n is bounded by 2n (for an arbitrary alphabet) , that was shown in 
IFWI using a result from fnmi . It is conjectured that this number is actually 
smaller than n, at least for the binary alphabet. Thus, in contrast to positioned 
squares, the maximal number of distinct squares is linear. 

In |Gro81| . Crochemore studies positioned primitively-rooted maximal inte- 
ger powers, that is those subwords , k > 2, which are not followed or pro- 
ceeded by another occurrence of u. Similar to positioned squares, the maximal 
number of such repetitions is 0(nlogn). The lower bound easily follows from 
the l7(nlogn) bound for positioned squares in Fibonacci words, as Fibonacci 
words don’t contain 4-powers, and an occurrence of a 3-power is an extension 
of two square occurrences. Therefore, the number of maximal integer powers in 
Fibonacci words is at least half the number of positioned squares, and is then 
0(nlog n). 

What happens if we count the number of maximal repetitions instead of 
integer powers or just squares? Note that a word can contain much less maximal 
repetitions than maximal integer powers: e.g. if u is a square-free word over 
{a,b,c}, then word v^v^v contains |u| -I- 1 (maximal) integer powers but only 
one maximal repetition. What is the maximal number of maximal repetitions in 
a word? 

In the first part of the paper, we study maximal repetitions in Fibonacci 
words. The results of IIMMh7l imply that Fibonacci words contain a linear num- 
ber of maximal repetitions, with respect to the length of the word. This is showed, 
however, in an indirect way by presenting a linear-time algorithm which enume- 
rates all maximal repetitions in a Fibonacci word. In this paper we first obtain 
directly the exact number of maximal repetitions in Fibonacci words, which is 
equal to 2\fk~2 \ — 3. Incidentally (or maybe not?), a Fibonacci word contains 
one less maximal repetitions than distinct squares. 

We also estimate the sum of exponents of all maximal repetitions in a Fi- 
bonacci word. It is known f |IVI that Fibonacci words contain no subword 
of exponent greater than 2 + cj) but contain subwords of exponent greater than 
2 + (j) — e for every e > 0. Therefore, from our previous result, the sum of expo- 
nents of all maximal repetitions is bounded from above by {2 + cj)){ 2 \fk -2 \ ~3) = 
2(2 - <(.) (2 + (/>) l/fc I + o(l) = 2(3 - (^) l/fc I + o(l) R:: 2.764|/fe | + o(l) . We could not 
obtain the exact formula for the sum of exponents, but we give a good estimation 
of it showing that this number is bounded asymptotically between 1.922 ■ \ fk\ 
and 1.926 • \ fk\- 

Fibonacci words are known to contain “many” repetitions, and the fact that 
in Fibonacci words there is a linear number of maximal repetitions, rises the que- 
stion if this is true for general words. We confirm this conjecture and prove that 
a word of length n over an arbitrary alphabet contains 0{n) maximal repetiti- 
ons. The result is both of theoretical and practical interest. From the theoretical 
point of view, it contrasts to the above results about the 0(n log n) number of 
positioned squares or integer repetitions, and shows that maximal repetitions 
are indeed a compact (linear) representation of all repetitions in a word. In par- 
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ticular, this answers the open question rised in [I M Sh7| whether all repetitions 
can be encoded in a linear-size structure and in particular, whether the number 
of maximal repetitions is linearly-bounded. 

From the practical point of view, this result allows us to derive a linear-time 
algorithm of enumerating all maximal repetitions in a word. This algorithm, 
which is a modification of Main’s algorithm LVlai8HI . will be briefly commented 
in the end of this paper, but will be presented in full details in an accompanying 
paper. 

2 Definitions and Basic Resnlts 

Consider a word w = a± ... an- Any word Oi . . . aj for 1 < i < j < n, which we 
denote w[i..j], is a subword of w. A position in w is an integer number between 0 
and n. Each position n in w defines a decomposition w = W\W2 where |r<;i| = tt. 
The position of letter in w is {i — 1). We say that subword v = w[i..j] crosses 
a position tt in w, if j < tt < j. 

If w is a subword of rt” for some natural n, |u| is called a period of w, and 
word It is a root of w. Clearly, p is a period of re = ai . . . a„ iff Oi = a^+p whenever 
1 < i,i + p < n. Another equivalent definition is (see |Lot83| h p is a period of 
w = ai ... On iS w[l..n — p] = w[p + l..n]. The last definition shows that each 
word w has the minimal period that we will denote p{w) and call often simply 
the period of w. The ratio is called the exponent of w and denoted e{w). 
Clearly, a root u of w such that |u| = p{w), is primitive, that is u cannot be 
written as for n > 2. Following trm Chapter 8], we call the roots u with 
|rt| = p{w) cyclic roots. 

Consider w = Oi . . .an- A repetition in w is any subword r = w[i..j] with 
e(r) > 2. A maximal repetition in w is a repetition r = w[i..j\ such that 

(i) if j > 1, then p{w[i — l..j]) > p{w[i..j]), 

(ii) if j < n, then p(w[i..j + 1]) > p{w[i..j]). 

In other words, a maximal repetition is a repetition r = w[i..j\ such that no 
subword of w which contains r as a proper subword has the same minimal period 
as r. Note that any repetition in a word can be extended to a unique maximal 
repetition. For example, the repetition 1010 in word w = 1011010110110 extends 
to the maximal repetition 10101 obtained by one letter extension to the right. 
A basic result about periods is the Fine and Will’s theorem (see CM): 

Theorem 1 (Fine and Wilf). If w has periods pi,P2, and |w| > pi -I- P2 — 
gcd{pi,p2) , then gcd{p\,p2) is also a period of w. 

The following Lemma states some useful facts about maximal repetitions. 

Lemma 1 . (i) Two distinct maximal repetitions with the same period p eannot 
have an overlap of length greater than or equal to p, 

(ii) Two maximal repetitions with minimal periods pi,P2, Pi 7 ^ P2, cannot have 
an overlap of length greater than or equal to (pi -l- P2 ~ gcd{pi,p2)) < 
2max{pi,p2}- 
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Proof. Part (i) is easily proved by analyzing relative positions of two repetitions 
of period p and showing that if they intersect on at least p letters, at least one 
of them is not maximal. Part (ii) is a consequence of Fine and Wilf ’s theorem. 
If the intersection is at least {pi +P 2 ~ gcd(pi,p 2 )) long, then at least one of the 
cyclic roots of the two repetitions is not primitive, which is a contradiction. 



3 Maximal Repetitions in Fibonacci Words 

Fibonacci words are binary words defined recursively by /o = 0, /i = 1, /„ = 
fn-ifn -2 for n > 2. The length of /„, denoted Fn, is the n-th Fibonacci number. 
Fibonacci words have numerous interesting combinatorial properties and often 
provide a good example to test conjectures and analyse algorithms on words (cf 
| ITMS97| V 

As it was noted in Introduction, Fibonacci word /„ contains 0{Fnlog F„) 
squares all of which are primitively-rooted. In |FS9fl] . the exact number of squa- 
res in Fibonacci words has been obtained, which is asymptotically ^{3 — 4>)nFn + 
0{Fn). Since general words of length n contain 0(n log n) primitively-rooted 
squares EM, Fibonacci words contain asymptotically maximal number of 
primitively-rooted squares (at least up to a multiplicative constant). 

In this section, we first count the exact number of maximal repetitions in 
Fibonacci words. Let be the number of maximal repetitions in /„. We prove 
the following 

Theorem 2. For all n > 4, = 2F„-2 — 3. 

We follow the general proof scheme used in |F^ for counting the number 
of positioned squares. Consider the decomposition /„ = fn-ifn -2 and call the 
position between fn-i and fn -2 the boundary. Clearly, the maximal repetitions 
in fn are divided into those which lie entirely in fn-i or fn -2 and those which 
cross the boundary, that is intersect with fn-i (call this intersection the left 
part) and with fn -2 (right part). We call the latter crossing repetitions. Note 
first that the left part and the right part of a crossing repetition cannot be both 
of exponent > 2, since Fibonacci words don’t have subwords of exponent 4. If 
either the left or the right part is of exponent > 2, then the crossing repetition is 
an extension of a maximal repetition of respectively /„_i or fn- 2 - This implies 
that the only new crossing repetitions of /„ that should be counted are those that 
don’t have their right and left part of exponent > 2. Denote c(n) the number of 
such crossing repetitions that we will call composed maximal repetitions of fn. 
Then 

Rn = Rn-l + Rn-2 + c(n). (1) 

The following argument gives the solution. 

Lemma 2. For all n> 8, c{n) = c{n — 2). 

Consider the representation 

fn = fn-l\fn-2 = /ra-2/n-3 I /n-3/n-4 = /n-2 [/n-3 I /n-4] /n-5/n-4 (2) 
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where | denotes the boundary, n > 5, and square brackets delimit the occurrence 
of fn -2 with the same boundary as for the whole word /„. It is known that every 
repetition in Fibonacci words has the period Fk for some k (this is mentioned 
in as a “folklore” result, proved in IgeeSsI b Since > F^-a > 

it follows from (0 that if a composed maximal repetition of /„ has the period 
Ffe for fc < n — 6, then it is also a composed maximal repetition of fn -2 and 
therefore is counted in c(n — 2). Vice versa, every composed maximal repetition 
of fn-2 with period F^ for k < n — 6, is also a composed maximal repetition 
of fn- We now examine the maximal repetitions of /„ with periods Fn- 2 , Fns, 
Fn-4, Fn-5 which cross the boundary. 

Crossing repetitions with period Fn -2 - Tbe last term of 0 shows that square 
{fn- 2 )^ is a prefix of /„ that crosses the boundary. As F„_i < 2F„_2, the 
corresponding maximal repetition does not have a square in its left or right 
part and therefore is composed for /„. Since Fn -2 > Fn/5, any two maximal 
repetitions of /„ with period Fn -2 intersect by more than Fn -2 letters. By 
Lemma 0^i), this shows that /„ has only one maximal repetition with period 
Fn-2- Trivially, the maximal repetition under consideration is not a maximal 
repetition of fn-2- 

Crossing repetitions with period Fns- From the decomposition 
fn = fn-2fn-s\fn-sfn-A (scc 0 ), there is a square {fn-sY with the root length 
Fn-s crossing the boundary. The corresponding maximal repetition does not ex- 
tend to the left of the left occurrence of fn-s, as the last letters of fn-s and 
fn-2 are different (the last letters of ffs alternate). Therefore, this maximal 
repetition does not have a square in its left or right part, and thus is composed 
for fn- As this maximal repetition has a period both on the left and on the right 
of the boundary, it is the only maximal repetition with period Fns crossing 
the boundary (see Lemma 0i)). Again, from length considerations, it is not an 
maximal repetition of fn-2- 

Crossing repetitions with period Fn-i- As /„ = fn-2[fn-f\fn-f\fn-5fn-A = 

/n— s/n— 4 [/n— 4/n— sl/n— s/n— sj/n— 5/n — 4 — /n— s/n— 4 [/n — 4 fn-slfn-Q /n— 7/n— s] 

/„-4 

fn-bfn-i for n > 7, this reveals a maximal repetition of period Fn-A which 
crosses the boundary. However, this is not a composed maximal repetition of fn, 
as it has a square on the left of the boundary. On the other hand, the restriction 
of this maximal repetition to fn-2 (subword in square brackets) is a composed 
maximal repetition for fn-2- 

It can be shown that this is the only maximal repetition of period Fn-A 
crossing the boundary. (There is another one which touches the boundary from 
the right, but does not extend to the left of it.) In conclusion, there is one 
composed maximal repetition of period Fn-A in fn-2 and no such maximal 
repetition in /„. 

Crossing repetitions with period Fn- 5 - Rewrite /„ = 

/n-2[/n-4/n-5|/n-5/n-6]/rt-5/n-4 which shows that there is a square of root 
length Fn-5 crossing the boundary. Since the boundary is the center of this 
square, the latter corresponds to the only maximal repetition with period Fn-5 
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crossing the boundary. However, this maximal repetition is not a composed 
maximal repetition for /„, as it has a square in its right part, as shown by 
the following transformation: /„ = fn- 2 [fn-ifn-b\fn-bfn-G]fn-Gfn- 7 fn-i = 
fn- 2 [fn- 4 fn- 5 \fn- 5 fn- 6 ] fn- 7 j n- 8 fn- 7 fn -4 for n > 8. On the Other hand, the 

fn-5 

restriction of this maximal repetition to fn -2 (subword in square brackets) is a 
composed maximal repetition for fn- 2 - Thus, there is one composed maximal 
repetition of the period Fn -5 in fn -2 and no such maximal repetition in /„. 

In conclusion, two new composed maximal repetitions arise in /„ in com- 
parison to fn- 2 , but two composed maximal repetitions of fn -2 are no more 
composed in /„, as they extend in /„ to form a square in its right or left part. 
This shows that c(n) = c(n — 2) for n > 8 and proves the Lemma. 

A direct counting shows that Rq = 0, R\ = 0, i ?2 = 0, R 3 = 0, R 4 = 1, R 5 = 
3, Re = 7, i ?7 = 13. Therefore, c(3) = 0, c(4) = 1, c(5) = 2, c(6) = 3, c(7) = 3. 
Since c(n) = c{n — 2) for all n > 8 , then c(n) = 3 for all n > 6. We then have the 
recurrence relation = Rn-i + Rn-2 + 3 for n > 6 with boundary conditions 
i ?4 = 1, i ?5 = 3. Resolving it, we get i?„ = 2 F„-2 — 3 for n > 4. Theorem |3 is 
proved. 

Thus, in contrast to squares, the number of maximal repetitions in Fibonacci 
words is linear. Using the same approach, we now estimate the sum of exponents 
of all maximal repetitions in /„. A direct consequence of Theorem |2| and the fact 
that Fibonacci words don’t contain exponents greater than {2+(j)) pMFD2| . is that 
the sum of exponents is no greater, asymptotically, than 2(3 — </))|/fc| ~ 2.764-|/fc|. 
We now obtain a more precise estimation. 

Denote SR{n) the sum of exponents of all maximal repetitions in Fibonacci 
word fn- We prove the following estimation for SR{n). 

Theorem 3. SR{n) = C ■ |/„| -I- o(l), where 1.922 < C < 1.926. 

Similarly to ([3), we write the recurrent relation 

SR{n) = SR(n — 1) -I- SR{n — 2) -I- cx(n), (3) 

where cx(n) is the sum of exponents of those left and right parts of crossing 
repetitions, which have the exponent smaller than 2. (If the exponent of the left 
or right part is 2 or more, it is counted in SR(n — 1) or SR(n — 2) respectively.) 
As before, the goal is to reduce cx(n) to cx{n — 2 ), and a similar argument shows 
that for all crossing repetitions with the period Fj. ior k < n — 6, nothing has 
to be done, as they occur completely inside fn -2 (see (0) and are counted in 
cx{n — 2). As for Theorem|^ it remains to analyse repetitions with periods Fn-2, 
Fn—3, Fn—4, Fn- 5 - 

The crossing repetition with period Fn-2 is composed (both its left and right 
part is of exponent < 2), its length can be shown to he Fn~ 2 = Fn-i + Fn -2 — ‘2-, 
and the exponent ^ xhe crossing repetition with period Fn-3 is also 

composed, of the length 2Fn-s + Fn-4 = Fn-2 + Fn-3, and of the exponent 
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^ turn to the crossing repetition with period F„_4. Recall that 

it extends a repetition present in fn- 2 - Its right part is of exponent < 2, and 
is inside fn- 2 , therefore it is already counted in cx{n — 2), and it does not 
have to be added. Its left part is of exponent > 2, and does not have to be 
counted in cx{n). However, a part of it which is in fn -2 (namely fn- 4 fn- 5 ), is 
of exponent < 2, and therefore has been counted in cx{n — 2). We then have to 
substract . Similarly, the crossing repetition with the period 

Fn -5 has the left part which is already counted in cx{n — 2), and the right part 
which should not be counted, but the part of it of exponent 
has been counted in cx{n — 2) and should be substracted. Putting everything 
together, we obtain the recurrence 

Cx{n) = Cx{n - 2) + 2 - 2 j Fn-2 + Fn-l/Fn-2 + 

Fn- 2 / Fn-3 — Fn-s/ Fn-4 ~ Fn-i/Fn-h, ( 4 ) 

for n > 8. Transforming further this expression, we obtain 

cx{n) = rL—l — 2{l/Fn-2 + ^/Fn-4 + --- + ^/F4 + l/F 2 )+Fn-l/Fn -2 + Fn-2/Fn-3 
for even n > 8, and 



cx{n) — n+1/2 — 2(1/T'„_2 + 1/ Fn-4 + --- + ^/F3 + l/Fi)+Fn-l/ Fn-2 + Fn-2 / Fn -3 
for odd n > 9. To join the cases, we rewrite (0 into 

SR{n) = 2SR{n — 2) + SR{n — 3) + cxfn) + cx{n — 1) = 2SR{n — 2) + 

n— 2 

SR{n - 3) + 2n - 3/2 - 2(^ l/F^) + F„_i/F„_2 + 2F„_2/F„_3 + Fn-3/Fn-4- 
The following estimation can be obtained using some elementary consideration. 

n— 1 

1 / Ff) + Fnj Fn-l + 2Fn-l/ Fn-2 + Fn-2/ Fn-3 < 2 , 

i=i 

for n> 8. We omit the proof. Using this estimation, we get that for all n > 9, 



SR{n) < 2SR{n - 2) + SR{n -3) + 2n+ 1/2. 



Solving this recurrence with initial conditions S'i?(4) = 2, SR{5) = 6.5, SR{6) = 
15|g,S'i?(7) = 29|^,S'i?(8) = 53^, we obtain that 



33 






1 47 

^( 40 — - 
130 

1.926 • \fn 



The lower bound can be obtained as follows. A direct calculation gives the 
values SR(23) = 1.922328-|/23|, S'i?(24) = 1. 922520- I/24I. Then using the obvious 
inequality SR{n) > SR{n — 1) + SR{n — 2), we get SR{n) > 1.922328 • |/„|. 
Theorem El is proved. 
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4 Maximal Number of Maximal Repetitions in a Word 

Since Fibonacci words contain “many” repetitions, Theorem El suggests the fol- 
lowing question: Is it true that general words contain only a linear number of 
maximal repetitions? We answer this question affirmatively. We prove that the 
maximal number of maximal repetitions in words of length n is a linear func- 
tion on n, regardless of the underlying alphabet. Denote by Rep(n) the maximal 
number of maximal repetitions in words of length n (the alphabet is not fixed) . 

Theorem 4. Rep{n) = 0{n). 

The proof of Theorem ^ is rather technical and cannot be given here be- 
cause of space limitations. Actually, we prove that there exist absolute positive 
constants Ci , C 2 such that 

Rep{n) < CiTi — C 2 '/n\ogn 
For the proof we refer the reader to |KK98) . 

5 Applications, Generalizations, Open Questions 

In this concluding section we mention an important algorithmic application of 
TheoremEl discuss its possible generalization, and formulate several related open 
questions. 

An important application of Theorem 0 is that it allows to derive an algo- 
rithm which finds all maximal repetitions in a word in time linear in the length 
of the word. 

The problem of searching for repetitions in a string (or testing if a string 
contains repetitions) has been studied since early 80 ’s. Let us first survey known 
results. In early 80’s, Slisenko claimed a linear (real-time) algorithm for 

finding all distinct maximal repetitions in a word. Independently, Crochemore 
| |Gro83[ described a simple and elegant linear algorithm for finding square in a 
word (and thus checking if a word is repetition- free) . The algorithm was based 
on a special factorization of the word, called s-factorizarion (f-factorization in 
pnnn). Another linear algorithm for checking whether a word contains a square 
was proposed in [IVI 1 ,85] . 

If one wants to explicitely list all squares (or integer powers) occurring in a 
word, there is no hope to do it in linear time, as their number may be of order 
nlogn. Several algorithms have been proposed in order to find all repetitions in 
time 0(n log n). In 1981, Crochemore proposed an O (nlogn) algorithm 

for finding all occurrences of primitively-rooted maximal integer powers in a 
word. Using a suffix tree technique, Apostolico and Preparata fXP8^ described 
an O (nlogn) algorithm for finding all positioned right-maximal fractional re- 
petitions. Finally, Main and Lorentz |MIj 84) proposed another algorithm which 
actually finds all maximal repetitions in 0(n log n) time. In 1989, using Cro- 
chemore’s s-factorization. Main |Ma,i89j proposed a linear-time algorithm which 
finds all leftmost occurrences of distinct maximal repetitions in a word. 
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As far as other related works are concerned, Kosaraju describes 

an 0{n) algorithm which, given a word, finds for each position the shortest 
square starting at this position. He also claims a generalization which finds all 
primitively-rooted squares in time 0{n + S) where S is the number of such squa- 
res. In HS(I98al . Stoye and Gusfield proposed several algorithms that are based on 
a unified suffix tree framework. Their results are based on an algorithm which 
finds in time O(nlogn) all “branching tandem repeats”. In our terminology, 
branching tandem repeats are (not necessarily primitively-rooted) square suffi- 
xes of maximal repetitions. In a very recent paper, Stoye and Gusfield |SGh8bj 
proposed a different approach, combining s-factorization (called Lempel-Ziv fac- 
torization in the paper) and suffix tree techniques. The goal achieved is to find, 
in linear time, a representative of each distinct square. The feasibility of this task 
is supported by the result of mentioned in Introduction. The approach 

allows also to solve some other problems, e.g. to achieve the results claimed in 
[IKoshdj . 

However, so far it has been an open question whether a linear algorithm for 
finding all maximal repetitions exists. In the concluding section of [Mai89j . Main 
speculates that such an algorithm might exist. The same question is raised in 
| IIMS97| . However, there has been no evidence in support of this conjecture as 
the number of maximal repetitions has not been known to be linear. Theorem E] 
provides this argument. Using Theorem^l it can be shown that Main’s algorithm 
can be modified in order to find all maximal repetitions in linear time. This allows 
also to solve other related problems, e.g. to output all squares in a word in time 
0(n-|- S'), where S is the output size (cf |Kos94ISG98bj h The algorithm will be 
described in an accompaining paper. An interested reader may consult |KK98| . 

The results of this paper suggest an interesting question: Gan Theorem 0 asser- 
ting the linearity of the sum of exponents of the maximal repetitions in Fibonacci 
words be also generalized to general words? Putting in direct terms, is the sum of 
exponents of maximal repetitions in a word also bounded linearly in the length 
of the word? 

This conjecture is somewhat related to the hypothesis suggested in 
about the linearity of the maximal number of “branching tandem repeats” in 
a word. Branching tandem repeats are squares uu (not necessarily primitively- 
rooted) which are not followed by the first letter of u. To relate this to maximal 
repetitions, branching tandem repeats are suffixes of the maximal repetitions 
of length 2kp{r), where r is the corresponding maximal repetition and fc > 1. 
The linearity of the maximal number of branching tandem repeats is stronger 
than our Theorem 0 as there are at least as many branching tandem repeats as 
maximal repetitions (each branching tandem repeat corresponds to a maximal 
repetition but one maximal repetition may contain several branching tandem 
repeats). 

If the maximal sum of exponents of all maximal repetitions in a word were 
proved also linearly bounded, this would imply both our Theorem 01 and the 
conjecture of EM, and also shed some light on some facts we will mention 
below. Both authors of this paper strongly believe that this hypothesis is true. 
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This is supported by computer experiments which show that in binary words 
that realize the maximal number of maximal repetitions, maximal repetitions 
are all of small exponent, typically not bigger than 3. This phenomenon is also 
illustrated by Fibonacci words, which contain “many” maximal repetitions, all 
of which are of exponent smaller than 2 + i^Ri 3.618. The above hypothesis would 
shed light on this fact. 

Let us make some other remarks about our results. 

The main drawback of our proof of Theorem 0 is that it does not allow to 
extract a “reasonable” constant factor in the linear bound. It remains an open 
question if a simpler proof can be found which would imply a constant factor. 
We conjecture that for the binary alphabet this constant factor is equal to 1, 
which is supported by computer experiments. 

Concerning counting results of Section 0 we note that Fibonacci words 
don’t realize the maximal number of maximal repetitions among the binary 
words. For example, for length 21 this number is 15 (realized, e.g., by word 
000101001011010010100) while Fibonacci word fr of length 21 contains 13 ma- 
ximal repetitions. 

While the number of maximal repetitions in Fibonacci words is one less than 
the number of distinct squares, computer experiments show that the maximal 
number of maximal repetitions in binary words of length n is apparently slightly 
bigger than the maximal number of distinct squares. In spite of this closeness 
between the number of maximal repetitions and that of distinct squares, there 
is no apparent connection between them. It is possible to conceive words with 
a big number of maximal repetitions and small number of distinct squares. For 
example, the result of |F^ implies that there exist words with only three 
distinct squares but with unbounded number of maximal repetitions. Still, we 
are wondering if the fact that the number of maximal repetitions in Fibonacci 
words is one less than the number of distinct squares is a simple coincidence or 
it has some combinatorial explanation. 
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Abstract. Given an equational theory {S,E), a relaxed {S , E)-system 
is a category S enriched with a X'-algebra structure on both objects 
and arrows such that a natural isomorphism as : ts ^ t's, called natu- 
ral symmetry, exists for each t =e t' . A symmetry is an instance of a 
natural symmetry. A category of symmetries, which includes only sym- 
metries, is a free object in the category of relaxed {E, i?)-systems. The 
coherence property states that the diagrams in a category of symmetries 
are commutative. In this paper we present a method for expressing the 
coherence property in an axiomatic way. 



1 Introduction 

{E , E)-systems are categories enriched with a A'-algebra structure on both ob- 
jects and arrows such that the functors induced by terms satisfy the equations 
E. The satisfaction uses the strict interpretation in the sense that an equation 
t = t' is satisfied by a system S iff the functors tg and tg are equal. These 
categories were introduced in p] to define models for rewriting logic. In 0 a 
relaxed version for these systems was defined, where the equations E are rela- 
xedly interpreted, that is an equation t = t' is satisfied by a system S iff there 
exists a natural isomorphism ts = tg, called natural symmetry. A relaxation 
is partial iff a part of equations are always strictly interpreted. A category of 
symmetries is a free object in the category of relaxed (A, Aj-systems, where 
(A, E) is a given equational theory. The arrows in such a category are instances 
of natural symmetries and are called symmetries. A well known example is that 
of the monoidal categories: the signature is A = {-b, 0} and the set of equations 
E consists of the associativity, left and right units. In such a category the three 
equations are interpreted by natural isomorphisms 0 . A category of symmetries 
is coherent if all diagrams are commutative. The commutativity of diagrams in 
the category of symmetries implies the commutativity of certain diagrams in 
any (A, A)-system 0. Sometimes the coherence is partial in the sense that only 
the diagrams of a certain sort are commutative. For example, this is the case of 
symmetric strict monoidal categories. 

The axiomatic definition of the free 7?.-systems allowed as the well known 
algebraic specification language 0BJ3 to be extended such that it handles spe- 
cifications of concurrent systems. The most representatives extensions in this 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 386-^^3 1999- 
(c) Springer- Verlag Berlin Heidelberg 1999 
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direction are Maude ^ and CafeOBJ 1^. In these languages we can describe 
concurrent systems using rewrite specifications whose standard semantics is the 
initial semantics. The problem becomes more complicated if we use coherent 
relaxed models for rewrite specifications because these models include also sym- 
metries. In 13 an axiomatic construction for the free relaxed models is given. But 
the construction given there assumes the subcategory of symmetries already de- 
fined. So that a full axiomatic construction of the free relaxed model requires an 
axiomatization of the symmetries. 

In this paper we investigate the possibilities to obtain complete axiomatizati- 
ons for categories of symmetries. The key point consists in associating a rewrite 
theory TZ{S, E) with the equational specification by turning the equations into 
rewrite rules. The elegant construction of the free 7^-groupoid given in 0 pro- 
vides already an axiomatization of the free {E , E)-system (the non-coherent 
category of symmetries). The problem of finding axioms which expresses the 
commutativity of the diagrams still remains to be solved. We show that if equa- 
tions E, viewed as rewrite rules, form a convergent (confluent and terminating) 
rewriting system then these axioms are obtained by computing all critical pairs. 
Each confluent rewriting generated by a critical pair produce an equation. The 
set of all equations obtained in this way forms a specification of the commuta- 
tive diagrams. The method can be generalized to the case when E is convergent 
modulo a theory T. 

The paper has four sections. Section 2 presents the basic notions and not- 
ations from rewrite logic used in the paper. Section 3 is devoted to the axio- 
matization of the symmetries and includes the main results. It also includes 
representative examples which show that the proposed method is simple and 
efficient. The last section includes conclusions and directions for further work. 
Due to the space limitation, the proofs are omitted but they (and more details 
and examples) can be found in 

2 Preliminaries 

2.1 Rewriting Logic 

A (unconditional labelled) rewrite specification 7^ is a 4-tuple TZ — {E, E, 

L, R) where if is a signature, if is a set of if-equations, L is a set called the set 
of labels, and i? is a set of labelled rewrite rules written as r : t{x) — ?> t'{x). 
When the set L of labels is derived from the context we shall omit to write it. 
The models for rewrite signatures are (small) categories where both classes of 
objects and arrows have an algebraic structure over the rewrite signature. We 
can define these categories in a general framework. Let if be a set of if-equations. 
A (strict) (if, if)-system is a category S such that: 

(i) for any n G co and / S 5„, there exists a functor /^ : 5" — >■ S, and 

(ii) the induced functors tg and are equal, for any terms t(x) and t'(x) with 
E [= t(x) = t'(x). 
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A (A, £^)-homomorphism between two (A, A)-systems is a functor which pre- 
serves the operations in S. We denote by Sys(A, A) the category of {S,E)~ 
systems. 

Given a rewrite specification TZ = (S,E,L,R), a (strict) 7^-system {TZ- 
model) 5 is a (A, A)-system S such that, for each rewrite rule r : t{x) — >■ t'{x) in 
R, there exists a natural transformation rs ■ ts ^ t'g. We say that a 7?.-system S 
satisfies the sequent \t{x)]E — >■ [t'{x)]E iff there exists a natural transformation 
T : ts ^ t'g. A sequent [f(a;)]£; — >■ [t'{x)]E is a semantical consequence of 
the rewrite specification R, written R |= [t{x)]E — >■ [t'{x)]E, iff it is satisfied by 
all 7^-systems. An 7^-homomorphism F : S ^ S' between two 7^-systems is a 
(A, A) -homomorphism F : S ^ S' which preserves the natural transformations 
corresponding to the rules in R. We denote by 7^-Sys the category of (strict) 
7^-systems. 

The free model 7u{R) in 7^-Sys has as arrows those defined by the following 
inference rules: 

(11) Identities. For each [t] G Te,e{R), 

W^W^] 

(12) E-structure. For each / G En,n G tv, 

Ql : [fl] —>• [f'l]; ■ ■ ■ ,eXn '■ [tn] [t'n] 

/(ai,...,a„) : [f{ti,...,tn)]^ [f{t'^,.^.,t'J] 

(13) Replacement. For each rule r : [f(x)] — >■ [f^(a;)] in R, 

ai : [wi] -» [w(], . ■ . , [w'J 

r(a) : \t{w/x)] — >■ [t' iw' /x)] 

(14) Composition. 

Ql : [fl] \t2\)Ci2 '■ [^ 2 ] [fa] 
oi; 02 : [fi] — >■ [fs] 

modulo the axioms given by: 

(Al) Category. 

— Associativity. For all a, /3, 7 , 

(a;/3);7 = a; (/?;7)- 
— Identities. For each a : [t] — >• [t'] 
a; [t'] = a, [t]; a = a. 

(A2) Functoriality of the E-algehraic structure. For each / G A„,n G w, all 

Q; 1 , . . . ^ eXnj fdi , • ■ • , [In j 

/(g:1^ /?1, . . . , Oin\ jdn) — ■ 5 /(/^li • • • 1 Pnf 

(A3) Axioms in E. For all t{x) =e t'fx), a = («i : [mi] — >■ [ui], . . . , : [m„] — >■ 

KD 

t(o:i, . . . , Ckn) — t (oi, . . . , Ckn) 

(A4) Decomposition. For each rule r : [t(x)] — >■ [f^(a:)] in R, 
ai : [wi] -» [w(], . . . , On : [w„] 

r(a) = r([w]); t'(a) 

(A5) Exchange. For each rule r : [t(x)] — >■ [t'(x)] in R, 
ai : [wi] -» [w(], [w„] [w'J 

r([w]);t'(a) = t{a);r{[w']) 
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The 7^-system Tn = 7^(0) is initial in 7^-Sys. A rewriting logic TZ is an equa- 
tional logic (modulo E) iff the “conservative condition” 

n\=[i\^ [t'\ iff h [t'\ ^ [t] 

is satisfied. A model for an equational logic is an 7?.-system whose category 
structure is a groupoid and is called 7^-groupoid. We denote by 7^-Grpd the 
(sub)category of 7^-groupoids. The free system T^{X) for an equational logic TZ 
is obtained by the inference rules 11-4 plus the rule 

(15) Inversion. 

\t'] 

: [t'] ^ [t] 

modulo the axioms Al-5 plus the axiom 

(A6) Inverse. For any a : [t] — >• [t'] in T^{X), 
a; a~^ = [f]) a~^; a = [t']. 

2.2 Relaxed ( £1)-Systems 

In a relaxed model the equations are preserved up to a (canonical) isomorphism. 
A relaxed {X, i?)-system is coherent if for each equation e the isomorphism which 
preserves e is unique. We will see that the coherence property is equivalent to 
the commutativity of the diagrams of some sort. 

Definition 1. Let (X,E) be an equational presentation. 

1. We say that the eategory S is a relaxed (if, if)-system iff: 

(i) for any n € to and f G i7„ there exists a functor S, and 

(ii) for each pair t{x) =e t'fx), there exists a natural isomorphism ts = t'g, 
called natural symmetry. 

A symmetry in S is an instance of a natural symmetry. 

2. A relaxed (if, if)-homomorphism F : S ^ S' between two relaxed {E,E)~ 
systems is a {X , E) -homomorphism which preserves the symmetries. 

An equivalent way to define relaxed (if, £f)-systems is as follows. We associate 
with (if, E) the rewrite specification 

TZ{X, E) = (if, 0, {SYM“’*' : u ^ V \ u = v in E}). 

A relaxed (if, £f)-system is now an TZ{X, £f)-system S where the natural trans- 
formation ts ^ t'g is an isomorphism, for each t = t' in E. We denote this 
natural isomorphism by SXMs{t,t') or by SYM*’* if the system S is understood 
from the context. It is easy to see that ii t =e t' then there exists a natural 
isomorphism ts = t's. Unfortunately, this isomorphism is not always unique. In 
the next subsection we give a condition under that it is unique. However, we 
use the notation SIMs{t,t') and for pairs t =e t' in the sense that it denotes 
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an arbitrarly chosen natural isomorphism ts = t'g. Note that a relaxed {S,E)~ 
system S is not necessarily an i?)-groupoid because only the symmetries 

are invertible in S. 

We denote by RSys(i7, ill) the category of relaxed (£', £’)-systems. Since 
every strict (if, i?) -system is also a relaxed one, where the symmetries are iden- 
tities, we have the full subcategory inclusion Sys(if, E) ^ RSys(if, E). 

We show now a way to get initial and free objects in RSys(i7, E). We consider 
again the rewrite theory TZ(E,E). Every 72.(X', E)-system S can be transformed 

into a relaxed (17, E)-system S''. S'' is the quotient of the groupoid T ^ — >• (S) 

n{E,E) 

modulo the congruence = defined as follows: 

— for each t =e t' there is a, as ■ ts ^ t'g in S and a : t => t' in Tn{s,E){S) ^ 
T ^ (5) and we set as = a; if there is then we also set = a~^. 

n(E,E) 

If 5 is a TZ{E , E)-system which is a relaxed (17, E)-system, too, then S'' = 
S. It follows that the inclusion RSys(17,i7) ^ TZ{E,E)-Sys is reflective. The 
72.(17, 77)-groupoid T ^ — >• {X) is freely generated by X in RSys(17, E) and it is 

n(E,E) 

the image by the refiector functor of the free 72(17, 77)-system Tn(E,E){X). We 

prefer to denote the free relaxed system T ^ — ;> (If) by Sym*^ Because 

n(E,E) 

all arrows in Sym*^ e(^) symmetries or identities, we call it the category 
of symmetries (corresponding to (17,77)). 

2.3 Coherent Relaxed (17, £7)-Systems 

Because an equation t =e t' may have different equational deductions it follows 
that we can have more than one natural symmetries corresponding to t =e t' 
in a relaxed system S. Each deduction gives rise, by composition, to a possible 
distinct natural symmetry. In this subsection we define the subclass of relaxed 
(17, 77) -systems in which these natural symmetries are identified. 

Definition 2. Let (17, 77) be an equational speeifieation. 

1. A relaxed (17, 77)-system S is coherent iff all diagrams involving only 
symmetries are eommutative. 

2. A coherent relaxed (17, 77)-homomorphism F : S ^ S' between two 
coherent relaxed {E,E)-systems is a homomorphism of {E, E)-systems. 

If we denote by C the set of equations corresponding to the commutative 
diagrams of symmetries, then the quotient of a relaxed (17, 77)-system modulo 
the congruence generated by C is a coherent system. See jS) for a more precise 
definition of the diagrams involved by the coherence property. 

Example 1. Here we consider the case of monoidal categories. The signature E 
consists of a constant 0 and the binary operator -I-, and 77 consists of the axioms: 

(H(-f)) x+ {y + z) = {x + y) + z {ti = ff) 

(L(-|-)) 0 -I- a: = a: {h = t' 2 ) 

{R{+))x + 0 = x (73 = ^ 3 ) 



( 1 ) 
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The rewrite theory TZ{S,E) is: 

: X + (y + z) — >■ {x + y) + z 

:0 + x^x (2) 

: 2; + 0 X 



In order a {E, _E)-system S' to be a monoidal category, i.e., a coherent relaxed 
(if, i?)-system, the diagrams of the following sort: 



x+{y+{z+u)) 



SYM 



ti.t'i 

x,y,z-\-u 



{x+y)+{z+u) 



SYM 



x-\-y,z,'u 



{{x+y)+z)+u 



x+sym: 



x+{{y+z)+u) 









SYM 



ti.i'i 



{x+{y+z))+u 



^x,y-\-z,u 

are necessarily commutative |S|. The axiom corresponding to this diagram is 

SYM‘-‘i+„; sym1^4..,« = * + sym‘^ +z,.; sym^^.6 + « 

This example is studied in detail in subsection o 



We denote by CRSys(i7, E) the category of coherent relaxed {S, E)-systems. 
The inclusion CRSys(A', Tl) ^ RSys(i7,i?) is reflective and hence the inclu- 
sion CRSys(T', E) ^ 'R.{E, E)-Sys is reflective. It follows that the free coherent 
relaxed {E, E)-system on X, denoted also by Sym*^ s(^)> image by the 

reflector functor of the free TZ{E , E)-system Tu{i: , e){^) ■ K is easy to see that 
the free coherent system Sym*^ ^{X) is isomorphic to the quotient of the free 

TZ{E, if)-groupoid T ^ (X) modulo the equations corresponding to the com- 
nis.E) 

mutative diagrams. 



3 Axiomatization of Categories of Symmetries 

The axiomatic construction of the free strict systems is generalized in 0 in 
order to obtain free relaxed models. But this construction assumes the subca- 
tegory of symmetries already defined. In this section we deal with the axioma- 
tization of the free system Sym*^ e(^) CRSys(I7, if). The definition of the 

TZ{E, if)-groupoid T i — ^ (AT) already provides a partial axiomatization. In or- 
n{s,E) 

der to obtain a complete axiomatization we have to add axioms which specify 
the commutativity of the diagrams. We show that if if is a confluent and ter- 
minating theory then these axioms can be computed using the critical pairs. 
The method is then extended to the case when E is confluent and terminating 
modulo a congruence. 
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3.1 Confluent and Terminating Theories 

Assume that E, viewed as a term rewriting system where the equations are 
oriented from left to right, is confluent and terminating. We first show that, if 
we have a set of equations C which specifies the commutativity of the diagrams 
in then the equations C specify the commutativity of the diagrams 

in T i — (AT). We then show how we can get the equations C which specifies 
n{E,E) 

the commutativity of the diagrams in T-r.[e ,e){X) . 

Theorem 1. Let C be a set of equations such that the quotient of ,e){^) 

modulo C is coherent. Then the quotient ofl~ i — ^ (A) modulo C is coherent. 

n(s,E) 

The axioms corresponding to the commutative diagrams in 7tz{s,e){X) can 
be found by computing the critical pairs. Let (s, t) be a critical pair of E). 
Then there exists u such that s u t. We denote by Oi : u — >■ s and 02 : 
u ^ t the corresponding arrows in 7 n(s,E){^)- Because TZ{S,E) is confluent 
and terminating it follows that there exists v such that s^EV-^Et. Let 03 : s — >■ u 
and 04 : t — >■ ?; be the corresponding arrows in Ttz(s,e){^)- For each such a tuple 
(01,02,03,04) we add to C the equation oi;o3 = 02;04. 

Theorem 2. The set C of equations computed as above specifies the commuta- 
tivity of the diagrams in Tu(s , e){X) ■ 

Example: monoidal categories Recall that the equational specification for 
the monoidal categories is given in (Hj and that the rewrite theory (0 is confluent 
and terminating. For the sake of simplicity, we use the more usual notations: 

Oix,y,z = : a: + (y + z) — >■ (a; + y) + 2, 

Xx = : 0 + a: — >■ a;, 

Px = : a; + 0 — >■ cc. 

All rewritings generated by the critical pairs are: 



X + 


{y+{z 


+ u)) 


X {{y z) u) ^ 


(x + (y + ^ 


;) + m) 








((x + y) + 2 ) + u 






X + 


{y+{z 


+ m)) 


(x + y) + (2 + u) — >■ 


((x + y) + 


z) -\-u 


X + 


(y + o) 


— >■ a; + y 








X + 


(y + o) 


— >■ (x + y) + 0— :>x + y 






X + 


(o + y) 


— >■ a; + y 








X + 


(o + y) 


— >■ (a; + 0) + y— >-x + y 






0 + 


(a; + y) 


— >■ X + y 








0 + 


(a; + y) 


-)> (0 + a 


;) + y X + y 






0 + 


0 

0 











From these rewritings we can deduce the following equations, corresponding to 
the commutative diagrams in monoidal categories: 



Axiomatization of the Coherence Property for Categories of Symmetries 393 



“h 0^x,y-\-z^u^ (,^x,y,z “t“ tt) — 0^x,y,z+u^ ^x-\-y,z^u 

(^-^) ^ “t“ Py Q, Px-\-y 

{AL\) X + Xy = Oixfi,y] {px + 

(AA2) Aa;-|-y = 0-Q^x,y] (Ax + p) 

{LR) Ao = po 

In order to have a complete axiomatization for Sym*^ e(^) have to add the 
equations coming from the definition of the strict TZ{S, if)-groupoid T < — ^ (AT): 

Tl(S,E) 

— associativity of 

(^(; )) /^i! P 3 ) = iPi, 02)', 03, 

— identities of 

(L{;)) w;0 = 0 (R{;)) 0;w' = 0 

if /? : tc — >■ w', 

— preservation of composition: 

{PC) (/3i; 02) + {0[-, 0'2) = {01 + 0'i)', {02 + 0'2), 

— decomposition: 

{DEI) a{0^,02,03) = ^wl,w2,w3) {{01 + 02) + 03) 

{DE2) A(/3i) = A„i;/3i 

{DES) p{0i) = pwi;0i 

if 01 : tcl — >■ wl' , 02 : w2 — >■ w2' , 0^ : w3 — >■ w3', and a{0\, 02 , 03 ) '■ 
wl + {w2 + w3) — >■ (tcl' + w2') + w3', 

— exchange: 

{EXl) {01 + {02 + 03))', OiwV , w2' ^w3' — ^wl,w2,w3] {{01 + 02) + 03) 
{EX2) {0 + 0i); = X^i; 01 

{EX5) {01 + 0)', Pwi' = Pwi', 01 

if 01 : wl ^ wl' , 02 '■ w 2 — >■ w 2 ', 0 ^ : w 3 — >■ w 3 ', 

— inverse: 

{INV{a)) ax,y,z',a~^y^z = x + {y + z), a~^yy,ax,y,z) = {x + y) + z, 
{INV{X)) Xx;X-^ = 0 + x, X-^;Xx = x, 

{INV{p)) px',Px^ = x + 0, p-^;px = x, 
if 01 : wl ^ wl' and 02 '■ w 2 ^ w 2 '. 



Remark 1. The role of the decomposition laws is to represent the simultaneous 
rewritings as sequential rewritings and are very important in modeling the con- 
current calculus. From the algebraic specification point of view, the operations 
like a{0i, 02, 03), where 0i are symmetries, are derived operators. Thus, these 
axioms can be omitted in the axiomatization of the symmetries. 

Often in practice it is more convenient to work only with the axiomatization 
of the coherent system Tn{s,E)- 
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3.2 Confluence and Termination Modulo a Congruence 

We suppose now that the equational presentation is (17, iSUT) and E (viewed as 
a term rewriting system) is confluent and terminating modulo T. We assume fur- 
ther that there exists a set of equations C{T) corresponding to the commutative 
diagrams in T i — ). (X). We denote by TZ{S, E/T) the rewrite theory 

(17, T, ^ [t']r \ t = t' in E}). 

By the hypothesis, TZ{S , E/T) is confluent and terminating. We can get the set 
of equations specifying the commutativity of diagrams in T'r,{e,e/t){X) in the 
same way as in subsection 13.11 We denote this set by C{E/T). The subcategory 
TZ{E, E/T)-Sys is reflective in TZ{E , E U T)-Sys and the system 
is the quotient of Ttz(s,eut){X) niodulo the congruence generated by T jSj. It 
follows that the set of equations C{T) U C{E/T) specifies the commutativity of 
a part of diagrams in T-r.[e ,eut){X) . It remains to be solved the diagrams which 
include ^compositions of arrows in 7u(e,e/t){X) with arrows in T'ji(e,t){X). 
But a reasoning similar to that in the previous subsection shows that the set of 
these equations can be obtained by computing the (i7, T)-critical pairs. Recall 
that each such a critical pair is confluent |2j . 



Example: symmetric monoidal categories The signature is the same as for 
the monoidal categories but the equations are the following ones: 

(^(+)) X + {y + z) = {x + y) + z, (T(+)) 0 + x = x, 

{R{+))x + 0 = x, {C{+)) X + y = y + X. 

We consider the following rewrite system E: 

o-x,v,z ■■ X + {y + z) ^ {x + y) + z, 

Xx : 0 + X = X, 

Px ■ X + 0 ^ X 

modulo T = {C(-|-)}. We denote by •jx,y the symmetry jx,y '■ x + y = y + x. 

The axioms produced by the {E, i7)-critical pairs are obtained in the same 
manner as for the monoidal categories: 

( 4 !^) {x 0^x,y-\-z,u: (^^x,y,z — 0^x,y,z+u: 0^x-\-y ,z,u 

(^-bl) X Xy O:a;,0,y! (Tx,0 V): (*^a: 4“ 

(v4Z/2) Xx+y — ^Xx ~\~ y') 

(^R) X Py — Px+y 

(LR) Ao = po 

The {E, T)-critical pairs are: 

X + {y + z) ^ {x + y) + z = z + {x + y) ^ {z + x) + y, 

X + {y + z) = X + {z + y) ^ {x + z) + y = {z + x) + y, 

X + {y + z) ^ {x + y) + z = {y + x) + z = z + {y + x) ^ {z + y) + X, 

X + {y + z) = X + {z + y) = {z + y) + X, 
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X + 0 — ?► X, 

x + 0 = 0 + x— 

0 + X — >■ X, 

0 + x = x + 0— >-x, 



and produce the following equations: 

(^^1) ^x^y,zi 'yx+y,z-! ^z,x,y “h '7y,z\ ^x,z^y; {,'^x^z “t“ 

CXx,y,z] il^x,y “t“ z')'^ ^y+x^z] ^z^y,x = (x + 'Jy^z')] ’^x,y+z-, 

Px — Ta:,0! ^x^ 

^x — 0^0,a:i Pxi 

The axioms which specify the commutativity of diagrams in 'T i — y 

n(E,T) 

(Cl) 7x.o = X 

(C2) = x + y (equivalent to 7 “), = -fy,x), 

(C3) 7 u,i.u, 2 ; (/32 + /?i) = (/3i + h)', lw{,w'^ (exchange), 
ii (3i ■. Wi ^ w[ i = 1 , 2 . 



All these axioms together with A(; ), L(; ), i?(; ), PC, DEl—'i, EXl—?,, and 
INV form a complete axiomatization for symmetric monoidal categories. Note 
that these axioms are not independent. For example, LC can be deduced from 
RC, Cl, and A {; ). 

Recall that the symmetrical monoidal categories are not full coherent relaxed 
(27, C)-systems because not all symmetry diagrams commute. A typical example 
is the following one: 



SYM^+^'^+“ 



a + a 



a + a 



We have no = a + a. This property is crucial in the definition 

of the concatenable processes for Petri nets mu- Nevertheless, this example is 
representative for our method because the class of commutative diagrams in 

T i — (Ai) is an input for the procedure we propose here. 
n(s,T) 



3.3 Partial Relaxation 

The definitions in section TT7\ can have different nuances. For example, we may 
be interested in the category of relaxed models where the natural isomorphism 
corresponding to the associativity is always the equality of functors. We call these 
models strictly associative. In a similar way, we can have strictly commutative 
models, strictly commutative and associative models, and so on. Generally, if 
E' is the subset of the equations strictly interpreted, i.e., if t = F in E' then 
the functors tg and tg are equals in all systems S, and E” is the subset of the 
equations relaxedly interpreted, i.e., if t = fMn E" then there exists a natural 
symmetry ts = in each system S, then we write relaxed (27, E' , F7")-system 
for relaxed (27, i7)-system. We denote by RSys(27, i7', i7"), CRSys(27, FI', i7"). 
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and CRSyS(;;(I7, E' , E"), the corresponding full subcategories of (coherent )/(C- 
coherent) {E, E' , E")-systems. RSys{E, E' , E") is reflective in RSys(H, if' U 
E”) and the category of symmetries in RSys(i7, if', if") is the quotient of the 
category of symmetries in RSys(If, if' U if") modulo a congruence pl- This 
congruence coincides with =e' on objects and identifies the if'-symmetries with 
the identities. 

There is also a direct axiomatic way to define the category of symmetries in 
RSys(if, if', if"). By the second theorem of isomorphism, there exists a congru- 
ence =e/e' such that t =e t' iff =e/e' [t']E' ■ In fact, because E = if'Uif", 
=EjE' coincides with the congruence generated by if" over Te,e'{X). Consider 
the rewrite specification 

TI{E,e) = : [t]E' [t']E’ I t = t' in E'}). 

The category of symmetries in RSys(if, if', if"), Sym*^ is the strict 

groupoid T ^ — >■ (ff). 

The axioms corresponding to the commutative diagrams for the coherent 
category Sym*^ e"{^) obtained in two steps: we first compute the axioms 
corresponding to commutative diagrams in Sym*^ as in subsection 

EB afterwards we replace in each equations any occurrence of a term t (denoting 
the identity) by [t]E' and any occurrence of a symmetry SYM^* with t =e' t' by 
the identity [t{w)]E>- 

Example: symmetric strict monoidal categories A symmetric strict mono- 
idal category is a symmetric monoidal category where all symmetries correspon- 
ding to A(-l-), L(-l-) and R{+) are identities. The axiomatization for symmetric 
strict monoidal categories is obtained from the axioms for symmetric monoi- 
dal categories by replacing the symmetries ax,y,z,^x, and px by identities. For 
example, ACl becomes 

{AC) yx+y,z = (a: -f 7j,,^); (q^.z -f y) 

and AC 2 becomes a consequence of AC. Also, we have to add the axioms which 
are A3-instances for the associativity and unit. 

The result axiomatization is the same with that given in m-- 

— associativity of 

(^(; )) /?i; (/?2; Ps) = iPi, P 2 )', Ps, 

— identities of 

{L{;)) w; P = P {R{;)) P;w' = P 
if /3 : w — >■ w', 

— preservation of composition: 

{PC) (/ 3 i; P2) + {P[; P'2) = {Pi + P’l); {P2 + P'2), 

— non-relaxed axioms in E: 

(^(+)) Pi + {P2 + Pa) = {Pi + P2) + Pa, 

(I^(+)) P + 0 = P, 

— all exchange axioms become trivial identities. 
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— commutativity of diagrams: 

(AC) ^x+v,z = {x + 7 y,z); + y), (Cl) 'yx^o = x, 

(C3) 7-uji ,W2 : (/^2 “t“ /?l) (/?! “t“ /?2): ,w'^ 5 (C2) 7x,y : X + y, 

A Pi : Wi ^ w'i i = 1, 2. 

We note that symmetrical strict monoidal categories are not full coherent 
because the symmetrical monoidal categories are not. 

4 Conclusions and Further Work 

Until now, the problem of finding axiomatizations for categories enriched with 
an algebraic structure was studied only on particular cases CEDI. In this paper 
we presented a method which can be applied to a large class of such categories. 
The method presented here is based on the computation of the critical pairs. 
A problem which arises is that if the completion procedures 0 can be adapted 
such that they can compute the axioms corresponding to the coherence property. 

The use of categories as models for rewrite specifications increases their prac- 
tical utility. By axiomatizing these categories, we have the possibility to program 
them in specification languages as Maude or CafeOBJ. Further work will be fo- 
cused on this aspect. 
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Abstract. Sewing grammars are very simple grammars, still able to de- 
fine families of mildly context-sensitive languages. These grammars are 
inspired from Marcus contextual grammars and simple matrix grammars. 
We consider various families of sewing grammars. Some of them lead to 
very special families of languages such that each such family is a mildly 
context-sensitive family of languages, and, moreover, most of the funda- 
mental problems, like the equivalence problem, the inclusion problem, 
etc., are decidable. 



1 Introduction 

The need of mildly context-sensitive families of languages was emphasized in 
connection with linguistics, see and (Z|. As far as we know, no systematic 
investigation of grammars or other devices that define such families of languages 
has been done. The aim of our paper is to introduce very simple grammars that 
can define mildly context-sensitive families of languages. Our paper is just a first 
step in order to have a systematic view of those grammars that define mildly 
context-sensitive families of languages. 

A mildly context-sensitive family of languages should contain the most signi- 
ficant languages that occur in the study of natural languages. Languages in such 
a family must be semilinear languages, and, moreover, they should be compu- 
tationally feasible, i.e., the membership problem for languages in such a family 
must be solvable in deterministic polynomial time complexity. 

It is well known that the hierarchy of Chomsky does not contain such a 
family. Whereas the family of context-free languages has good computational 
properties, it does not contain some important languages that appear in the 
study of natural languages. The family of context-sensitive languages contains 
all important languages that occur in the study of natural languages, but no 
algorithm in deterministic polynomial time is knew for its membership problem. 

Remark 1. By a mildly context-sensitive family of languages we mean a family 
C of languages such that the following conditions are fulfilled: 

* This work has been partially supported by the Project 137358 of the Academy of 
Finland. 



G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 39S-^H1 1999. 
(c) Springer- Verlag Berlin Heidelberg 1999 
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(i) each language in £ is semilinear, 

(ii) for each language in £ the membership problem is solvable in deterministic 
polynomial time, and 

(iii) £ contains the following three non-context-free languages: 

• multiple agreements: £i = {a*6*c* | i > 0}, 

• crossed agreements: £2 = {a^Vd'd^ I £ j > 0 }> and 

• duplication: £3 = {ww \ w G {a, &}*}. 

Note that in the literature some authors consider that such a family contains 
all context-free languages, and/or some other non-context-free languages: k mul- 
tiple agreements: £3 = {a\a\ ■ ■ - a\ | * > 0} where /c > 3, marked duplication: 
£3 = {wcw I w G {a, 5}*}. In the sequel we will consider these variants, too 
The paper is organized as it follows. Firstly, we introduce the basic type of 
sewing grammar and we show that the corresponding family of languages is a 
mildly context-sensitive family of languages. This type of grammars is exten- 
ded to a more general type of grammars. We investigate pumping lemmata for 
the languages defined by these grammars as well as closure properties of these 
families of languages. 

Next we define some families of languages that are almost mildly context- 
sensitive, and, moreover, for languages in these families the problems of equiva- 
lence, of inclusion, etc., are decidable problems. 

Finally, we discuss some other extended models as well as further topics of 
research. 

Now we recall some terminology and definitions that we will use in this paper. 
Let S be an alphabet and let S* be the free monoid generated by E with the 
identity denoted by A. The free semigroup generated by E is A7+ = E* — {A}. 
Elements in E* (A7^) are referred to as words {nonempty words). A is the empty 
word. A context is a pair of words, i.e., (u,v), where u,v € E* . 

The families of regular, linear, context-free, context-sensitive and recursively 
enumerable languages are denoted by REG, LIN, CF, CS and RE, respectively. 
Assume that A7 = {oi, 02, . . . , a^}. The Parikh mapping, denoted by E, is: 

E : E* — ^ N'^, 

E{w) = {\w\a„\w\a,,,...,\w\a^). 

If £ is a language, then the Parikh set of £ is defined by 
E{L) = {E{w) \ w G L}. 

A linear set is a set M C such that M = {no -I- I foi' 

some Vq, Vi, ... , Vm in . A semilinear set is a finite union of linear sets and a 
semilinear language is a language £ such that l£(£) is a semilinear set. 

In the sequel we recall the definition of a simple matrix grammar. 

Definition 1. A simple matrix grammar of degree n (see ) is an ordered 
system G = {N\,. . . ,Nn,E,P,S) where Ni,l < i < n, are pairwise disjoint 
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alphabets of nonterminals, S is a terminal alphabet, S is the start symbol, 

n 

5^ru|JiV„ 

i=l 

and P is a finite set of n- dimensional vectors of rules, {r\, . . . ,rn), where each 
rule Vi is a context-free rule over the alphabet NiU E such that for all pairs of 
rules, Vi : Ai — > Xi , rj : Aj — > Xj it follows that |a;i|Ar. = \xj\Nj, 1 < *, J < n. 

Moreover, P contains rules of the form (S u), with u € E* and also rules 
of the form (S — >■ A 1 A 2 . . . An), where Ai S Ni, 1 <i <n. 

Let G be a simple matrix grammar of degree n. G defines a relation of direct 
derivation as follows: 



S V iS {S ^ v) € P 



and 



UiXiu'-^ . . . UnXnU'n UiViu[ . . . UnVnU'n iff {Xi Vi , . . . , Xn ^ Vn) & P, 

where Uj e E* , m' S (if U Ni)*,j = I, . . . ,n, Xi € Ni,i = I, . . . ,n. 

The derivation relation induced by G, denoted is the reflexive and tran- 
sitive closure of =^g- 

The language generated by G is: L{G) = {w G if* | S' w}. 

In this paper the so called regular (linear) simple matrix grammars are of a 
special interest. 

Definition 2. A regular (linear) simple matrix grammar of degree n, where n > 
1, is a simple matrix grammar of degree n, G = {Ni, . . . , Nn, E, P, S) such 
that all the rules occurring as components in the n-dimensional vectors from P, 
excepting the rules starting with S, are Chomsky regular (linear) rules. 

Contextual grammars were firstly considered in ^ with the aim to model 
some natural aspects from descriptive linguistics like for instance the acceptance 
of a word (construction) only in certain contexts. For a detailed presentation of 
this topic, the reader is referred to the recent monograph |^. 

Definition 3. A Marcus simple contextual grammar is an ordered system G = 
(E,B,C), where E is the alphabet ofG, B is a finite subset of E* , the base of 
G, and C is a finite set of contexts, i.e., a finite set of pairs of words over E. 

Let G = (E,B,C) be a Marcus simple contextual grammar. The direct de- 
rivation relation with respect to G is a binary relation between words over E, 
denoted =>g, or =^, if G is understood from context. By definition, x =>g Vi 
where x,y € E* iS y = uxv for some (u, v) G G. The derivation relation with re- 
spect to G, denoted or =>*, if G is understood from context, is the reflexive 
and transitive closure of the relation 
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Definition 4 . Let G = {S,B,C) be a Marcus simple contextual grammar. The 
language generated by G, denoted L{G), is defined as: 

L{G) = {y & E* \ there exists x € B, such that x y}. 

The reader is referred to |H1 or 0 for the basic notions of formal languages 
we use in the sequel and to 0 and 0 for interrelations between linguistics and 
formal languages. 

2 Sewing Grammars: The Basic Model 

Here we introduce the basic model of sewing grammars, we give some examples 
and we show some properties of these grammars. 

Definition 5 . A sewing grammar is a construct G = {S, B,G,n, f), where S 
is an alphabet, n > 1 is an integer called the degree of G, B C (if*)", B finite, 
is the base ofG, G C (if*)", G finite, is the set of contexts (or rules) of G and 
f is a recursive function, / : (if*)" — > if*, called the zipper function of G. 

Using the above notations, a sewing grammar G defines a relation of direct 
derivation, denoted =^g or =^, between elements in (if*)". By definition 

{xi,X2,...,Xn) =^G {yi,y2,---yn) 

iff there exists {zi, Z2, ■ ■ ■ , Zn) € G, such that yi = XiZi, 1 <i <n. 

The reflexive and transitive closure of =^g or is denoted by =^*g or 
=>* and called the relation of derivation defined by G. 

The n-ary language defined by G, denoted by nL{G), is by definition: 

nL{G) = {{xi,X2,. ■ ■ ,Xn) & (if*)" I {ui,U2,..., Un) =^*G {xi,X2, ■■■,Xn), 

for some {ui,U2, ■ ■ ■ , Un) € B}. 



Definition 6 . Let G = {S , B ,G,n, f) be a sewing grammar. The language de- 
fined by G is: 

L{G) = {f{xi,X2, .■.,Xn) I {xi,X2, ■ . ■ , Xn) € nL{G)}. 

Therefore the language defined by a sewing grammar G = (if, B, G, n, f) is 
the set of all words obtained by applying the zipper function / to the n-tuples 
from the n-ary language nL(G). 

Notation. We denote by SWn{f) the family of all languages generated by 
sewing grammars of degree n and with the zipper function /. 

Remark 2 . In this paper we mainly consider that the zipper function / is the 
catenation function of arity n, denoted catn, i.e., the function, catn : (if*)" — > 
if*, Catn{ui,U2, ...,Un) = U1U2 . . . . 

We will drop the indice / whenewer this is the case. For instance SWn 
denotes the family SWn{f), where / is the catenation function. 

Moreover, note that for n < m, it follows that 5W„ C SWm- 
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Theorem 1. Let S be an alphabet. 

(i) The languages 0, S* , F C S* , F finite are in SWn for every n> 1. 

(ii) The language of multiple agreements, Li = | i > 0}, is in SWn for 

every n > 3. 

(Hi) The language of crossed agreements, L2 = \ i,j > 0} is in 5W„ 

for every n > 4. 

(iv) The language of duplication, L3 = {ww \ w € {a, &}*}, is in for every 

n>2. 

Proof, (i) The language 0 is generated by a sewing grammar of degree 1 with 
B = %. The language E* is generated by a sewing grammar of degree 1 with 
B = {(A)} and the contexts C = {(a) \ a € E}. Finally, a finite language F is 
generated by a sewing grammar of degree 1 with B = {(u) \ u G F} and the 
contexts C = {(A)}. 

Therefore all these languages are in iSWi and, using Remark |2| it follows that 
they are in all families 5W„, with n > 1. 

(ii) The language Li is generated by the sewing grammar 

Gi = ({a, b, c}, B, C, 3, cat^), 

where B = { ( A, A, A) } and C = { (o, 6, c) }. 

(Hi) The language L2 is generated by the sewing grammar 

G2 = {{a,b,c,d}, B,C,4,cat4), 

where B = {{X, A, A, A)} and C = {[(a. A, c, A)], [(A, b, A, d)]}. 

(iv) Finally, the language L3 is generated by the sewing grammar 

G3 = ({a,b,},B,C,2,cat2), 

where B = {(A, A)} and G = {(a, o), (b, b)}. 

Therefore, using Remark Owe conclude the proof. □ 

Comment. Concerning the language: 

k-multiple agreements: L'l = {a^a^ ■ ■ - | * > 0} where k > 3, 

one can easily prove, using the method from Theorem 0 that L( is in iSW„, for 
n > k. 

As in Theorem 0 it can be proved that the language: 
marked duplication: Lg = {wcw \ w € {a, 6}*}. 
is in SW2 (replace in the grammar associated to L3, the set B with R = {(A, c)}. 

Theorem 2. Each language in SWn, where n>l is a semilinear language. 

Proof. Let L be a language in 5W„, n > 1. Let G = (E,B,G,n,catn) be a 
sewing grammar of degree n such that L(G) = L. Define the Chomsky regular 
grammar G' = ({S'}, A, S', tt), where 



7T = {S 



U1U2V2 . ■ . UnS I [{ui,U 2 , . . . Un)] S CjU 
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U{5' XiX2 ■■ - Xn I (xi, X2, . . . x„) € B}. 

Let L' be the language L{G'). One can easily see that L and L' are letter 
equivalent, i.e., 'f'(L) = tf'(L')- Since L' is a regular language, it follows that L' 
is a semilinear language. Therefore, also L is a semilinear language. □ 

The membership problem consists in the following problem: given a language 
L C S* (defined by a certain type of grammar, automaton, etc.) and a word 
w S B* to decide by an algorithm whether or not w is in L. The existence of such 
an algorithm as well as its complexity are very important from the practical point 
of view. The next theorem shows that the membership problem for languages in 
iSWp, p > 1 is in 7^, the class of all deterministic polynomial time complexity 
problems. 

Theorem 3. For every p>l and for every L S iSWp the membership problem 
is solvable in deterministic polynomial time. 

From Theorem Q] Theorem and Theorem 0 we obtain the following: 

Theorem 4. For every integer n > A, the family is a mildly context- 

sensitive family of languages. 

Now we prove some pumping lemmata for languages in iSWn, where n > 1. 
Let G = {B,B,C,n,catn) be a sewing grammar of degree n, n > 1. Let 
X = (xi, X 2 , . ■ . , Xn) be a vector from B. The length of x, denoted |a:|, is by 
definition, |a;| = |a;i| + |a; 2 | + . . . + \Xn\. Similarly, the length of a context c G G, 
c = {ui,U 2 , • . • , Un) is by definition |c| = |ui| + |u 2 | + . . . + |u„|. Note that for 
every cG C, |c| > 0, since we can assume that G does not contain the completely 
empty context. 

Theorem 5. Let L Q S* be a language in SWn, n > 1. There exist two integers 
m > 1 and fc > 1 such that: 

(i) (pumping an arbitrary context) If w G L such that |?n| > m, then w has a 
decomposition w = X 1 U 1 X 2 U 2 ■ . ■ XnUnXn+i, with 0 < |ui| + |u 2 | + . . . + |u„| < 
k, such that for all z > 0, the following words are in L: 

Wi = Xiu\x 2U2X3 . . . XnUnXn+l. 

(ii) (pumping an innermost context) If w G L such that |r/;| > m, then w has a 
decomposition w = xiU\yiX2U2y2X^ ■ ■ - XnUnynXn+i! with 0 < |ui| + |U 2 | + 
. . . + \un\ < k, and |z/i| + |j/ 2 | + • ■ • + \yn\ < zn, such that for all i > 0, the 
following words are in L: 

Wi = Xiu\yiX2u\y2X2, . . . XnU\ynXn+l- 

(Hi) (pumping an outermost context) If w G L such that licl > m, then w has a 
decomposition w = uiyiU 22/2 ■ • - Unyn, with 0 < |ui| + |u 2 | + . . . + \un\ < k, 
such that for all i > 0, the following words are in L: 

Wi = u\yiu\y2 . ..ul^yn. 
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(iv) (pumping all occurring contexts) If w G L such that |i(;| > m, then w has a 
decomposition w = M1J/1U22/2 • ■ - UnUn, with 0 < |j/i| + |j/2| + . . . + \yn\ < w, 
such that for all i > 0 , the following words are in L: 

Wi = u\yiu\y 2 . ..<?/„• 

(v) (interchanging contexts) If w,w' G L such that |?«| > m and |w'| > m, 
then w and w' have decomposition: w = X1U1X2U2 ■ ■ ■ XnUnXn+i, and w' = 
x'iu'ix'2u'2 ■ ■ ■ x'^u'^x'^j^i, with 0 < |mi| + |u2| + . . . + \un\ < k, and with 0 < 
im + im + . . . + |u^| < k, such that also the following two words, z and z' , 
are in L, 

z = X1U1X2U2 ■ ■ ■ Xnu'^Xn+i, and 
z' = x\ui_x'2U2 . . . 

Theorem 0 can be used to show that certain languages are not in a family 
SWn, n > 1 . 

Theorem 6 . Ifm,n>l such that m < n, then SVdm C and the inclusion 

is strict. 

Proof. Clearly, SWm C iSW„. see Remark |3 It remains to show that the 
inclusion is strict. Consider the language: 

L= M > 0 }. 

Let G = {S, B, C, n, catn) be the following sewing grammar, where: 

E= {01,02, ... ,a„}, B = {( A, A, . .., A )}, and C = {(oi, 02, . . . , o„)}. 

n 

It is easy to see that L{G) = L and hence L G 5 W„. On the other hand 
L is not in SAim since L does not satisfy the condition from Theorem 0 (z). 
Therefore SWm is strictly included in 5 W„. □ 

Combining Theorem 0 and Theorem 0 we obtain: 

Theorem 7 . The families (iSW„)„>4 define an infinite hierarchy of mildly con- 
text-sensitive languages. 



3 Sewing Families of Languages and Decidable Problems 

In this section we introduce some special families of sewing languages. Each such 
a family is almost a mildly context-sensitive family of languages, and, moreover, 
each such family has good decidability properties. 

We start by introducing a special type of sewing grammar. If n is an integer, 
n > I, then [n] denotes the set |I, 2 ,...,n}. An n- function is a function g : 
[n] — >■ N, where N denotes the set of all positive integers. The length of an 
n-function g, denoted |t/|, is defined as |g| = g(l) -I- g{ 2 ) g{n). 
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Definition 7. Let n> 1 be a fixed integer, let g be an n-function and let k > 1 
be a fixed integer. A sewing grammar G = {S, B,C,n,catn) is of type (g,k) 
iff for all c = (ci, C 2 , . . . , c„) € C, \ci\ = g{i), i = 1, 2, . . . , n and for all b = 
( 6 i, 62 , . . . , 6 n) & B, bi = X for all i ^ k and \bk\ < I 5 I • 

Notation. Let n > 1 be an integer, let g be an n-function and let 1 < fc < n be 
an integer. We denote by SWn,g,k the following family of languages: 



SWn,g,k = {L I there exists a sewing grammar G = {E, B, C, n, catn) 
of type {g, k) such that L{G) = L}. 



Remark 3. Assume that n > 1 is a fixed integer. Let g be an n-function and let 
1 < fc < n be an integer. Consider an alphabet E and let Ei and E 2 be the 
following two alphabets: 



Ai = {[a] I \a\ = \g\,aGE*} 



and 



E 2 = m I |/3| < \g\,P&E*} 



Note that for each w G E* there exist and are unique two integers p,r > 0 
such that 

1^1 = Pldl + ^ Eind 0 < r < \g\. 

Moreover, notice that for w does exist a unique decomposition: 



w = W 1 W 2 ■ ■ ■ Wk(3wk+i ...w, 



such that for all t = 1,2, ...,n, liCij = pg{i) and \j3\ = r. Hence, each Wi, 
1 < i < n is the catenation of p words from E*, Wi = with 

G E* , I < j <p, such that = g{i), where 1 < j < p. 



Now define the function: p”-* : E* 



EIE 2 , such that, 






One can easily prove the following: 



Proposition 1. The function is a bijective function. 

Next two results show the importance of the function p”’^. 

Proposition 2 . If G = {E, B,C,n,catn) is a sewing grammar of type (g,k), 
then the language {L{G)) is a regular language. 
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Proof. We define a regular grammar G' = {S, {S'}, S, P) where S is a new 
symbol. The set of productions P is defined as follows: 

P = {S )> [uiU2 . ■ . Un]S I (mi, U2, . . . , Un) G CjU 

U{S )> [viV2 ...Vn] I (vi,V2,...,Vn) € B} . 

One can easily prove that L{G') = (pg’^{L{G)). Hence, ipg’^{L{G)) is a regular 
language. □ 

As a consequence of this result we show that each family SWn.g.k has good 
decidability properties. 

Theorem 8. For each family SyVn,g,k the following problems are decidable: 

(i) the equivalence problem {Li = L 2 ?). 

{ii) the inclusion problem (Li C L 2 ?)- 
(Hi) the completeness problem {L = E*l). 

Proof, (i) Clearly, for a given sewing grammar G of degree n and of type 
{g, k) one can effectively find a regular grammar G' such that 

L{G') = ^-g^\L{G)). 

Since the function is bijective, it follows that two sewing grammars G\ 
and G 2 of degree n and of type {g, k) are equivalent if and only if 

= p-g'HHG2)). 

Note that the above equality is an equality between regular languages and thus 
it is decidable if this equality is true or not. 

{ii) Similarly, the inclusion L{G\) C L{G 2 ) if and only if 

Pg^HHG,)) C ^-’>^{L{G2)). 

Note that the above inclusion is an inclusion between regular languages and 
hence it is decidable if this inclusion is true or not. 

{Hi) Let G be a sewing grammar of degree n and of type {g,k). One can 
easily verify that 

L{G) = S* if and only if v?g’''^(L(G)) = rj‘A' 2 . 

Again, the second equality is decidable since ipg’’^{L{G)) is a regular language. 

□ 



Remark 4- Other problems, for instance the membership problem, the emptiness 
problem, the finiteness problem are decidable problems for each family iSW„. 

Remark 5. For every n > 4, each family SYdn,g,k is almost a mildly context- 
sensitive family of languages, i.e., each such family satisfies all conditions to be a 
mildly context-sensitive family of languages, except that the language of crossed 
agreements is not in such a family. 

A rather long combinatorial argument can be used to show that the language 
of crossed agreements is not in any such family SyVn,g,k- 
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4 Isometric Zipper Functions 

Let n be a fixed natural number, n > 1, and let Sn be the group of all permutati- 
ons of degree n. Let Bn = {0, 1}" be the set of all Boolean n-dimensional vectors. 
We define the multiplication of two vectors from Bn componentwise using the 
rules: 0.0 = 1.1 = 1 and 0.1 = 1.0 = 0. 

For every p € Sn and for every k = (fci, . . . , fc„) G Bn, define the catenative 
function catp^k ■ (if*)” -)> E* by catp^k{ui, ■ ■ ■ ,Un) = fci(up(i)) . . . 
where 0(u) = mi(y) and l(u) = v. 

Let Gn be the set {catp^k \ P G Sn, k G Bn}- Define a binary operation on Gn, 
denoted 

i^CCltp k^-i^Cdtn^j') — C-dtpn^kj - 

It is easy to see that {Gn, ■) is a group of order 2”n! and, moreover, that Gn is 
isomorphic with the group of all isometries (symmetries) of the n-dimensional 
hypercube. 

If L is a subset of (if*)”, then there are 2"n! functions which may transform 
L into a language over if*. 

Definition 8. An isometric zipper function of degree n is a function catp^k, 
where p € Sn and k € Bn- 

Notation. We denote by SWn{catp^k) the family of those languages generated 
by sewing grammars of degree n using the zipper function catp^k- 

Theorem 9. Each family SWn{catp^k) is a mildly context-sensitive family of 
languages, where n > 4, p G Sn and k G Bn - 

Note that all pumping conditions from Theorem Elcan be established for each 
family SWn{catp^k) with some adequate modifications. 

Remark 6- Note that although for a fixed n > 1 there are 2"n! different zipper 
functions the number of different families SWn{catp^k) is much smaller. For 
instance, one can easily see that for every p,q G Sn it follows that SWn{catp^k) = 
SWn{catq^k)- 

However this is not true if someone change the Boolean vector k- 
It is an open problem how many different families SYdn{catp^k) there are for 
a given number n. 

5 Comparison with other Families of Languages 

In this section we investigate the interrelations between the families iSW„, n > 1 
and the families of languages in the Chomsky hierarchy as well as with families 
of simple matrix languages. 

Notation. Let be the function 

■- SIS 2 E* 

such that is the inverse of the function Pg’^- 
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Theorem 10. Let L C S1S2 be a regular language that can be generated by a 
regular grammar with only one nonterminal and with only one terminal produc- 
tion. Then the language is a sewing language of degree n and of type 

ig,k). 



Proposition 3. A language L is in if and only if L can be generated by 

a regular matrix grammar of degree n having only one nonterminal. 

Comments. From the above Theorem one can find alternative proofs for the 
Theorems Q 0] 01 and 01 

Proposition 4. Assume that n = 2 and let p G Sn be a permutation. Consider 
the Boolean vectors b = (1,0) and d = (0, 1). The following equalities are true: 

SWn{catj,^b) = SWn{catp^d) = SM. 

where, we recall that SM is the family of all Marcus simple contextual languages. 

Remark 7. The families SYdn{catp^k), n > 1, are not comparable with any of 
the families REG, LIN and CF. The reason is that the language a* U b* is 
not contained in any of the families SWnicatp^k), whereas each of the families 
SWn{catp^k), where n > 1 contains non-context-free languages. 

6 Conclusion 

Sewing grammars provide a very simple generative device able to define classes 
of mildly context-sensitive languages. A modern trend in linguistics referred to 
as “minimality” requires very simple models in order to capture most of the facts 
that occur in natural languages. We hope that sewing grammars will be used as 
a tool in linguistics. Also, sewing grammars and sewing languages are suitable 
for other investigations in formal languages and combinatorics of words. 
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Abstract. We consider the number of states and the number of transiti- 
ons in Watson-Crick finite (non-deterministic) automata as descriptional 
complexity measures. The succinctness of recognizing regular languages 
by Watson-Crick (arbitrary or 1-limited) automata in comparison with 
non-deterministic finite automata is investigated, as well as decidability 
and computability questions. Major differences are found between finite 
automata and Watson-Crick finite automata from both these points of 
view. 



1 Introduction 

Watson-Crick finite automata are language recognizing devices similar to fi- 
nite automata, recently introduced in DNA computing area, 0. They use a 
double-stranded tape, whose strands are separately scanned by read-only heads 
controlled by a common state; the symbols placed in corresponding cells of the 
two strands are linked by a complementarity relation. Several variants were in- 
vestigated in g, 0; see a comprehensive presentation in Chapter 5 from 0. 
It is known that restricted variants of Watson-Crick automata characterize the 
recursively enumerable languages modulo morphic images. 

The complexity of recognizing languages by Watson-Crick finite automata 
was not yet investigated. We contribute here to filling in this gap, by consi- 
dering two descriptional complexity measures: the number of states and the 
number of transitions. We mainly investigate two problems: (1) how efficient the 
Watson-Crick automata are in comparison with finite automata (when recogni- 
zing regular languages), and (2) decidability and computability questions usual 
in the descriptional complexity area, 0. 

We find that there are regular languages which need arbitrarily many states 
or transitions in finite automata which recognize them, but require only a boun- 
ded number of states or transitions when they are recognized by Watson-Crick 
automata. In what concerns the second problem, we prove that many questi- 
ons about Watson-Crick automata are undecidable (while they are known to be 
easily decidable for finite automata). 

These results show that the use of a double-stranded tape is quite powerful, 
a fact already observed in many places in DNA computing. 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 409-^2^ 1999. 

(c) Springer- Verlag Berlin Heidelberg 1999 
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We only partially solve another basic problem in descriptional complexity, 
that of non-triviality of the considered measures for Watson-Crick automata (the 
existence of languages of an arbitrary complexity). In particular, we completely 
leave open the connectedness problem (whether or not for each natural number 
greater than a given threshold there is a language of the complexity equal to 
that number). 

In the last section we briefly investigate another complexity measure, the 
maximal distance between the two heads of a Watson-Crick automaton reached 
when recognizing the strings of a language. 



2 Definitions 



We only give here some notations and the definitions of Watson-Crick automata. 
For formal language elements we refer to HU ; in particular, we use HU for details 
about finite automata. 

We write a (non-deterministic) finite automaton in the form A = (K,V,sq, 
F, P), where K is the set of states, V is the alphabet, sq is the initial state, F is 
the set of final states, and P is the set of transition rules, of the form sa — >■ s', 
s,s' G K,a G V (in state s one reads the symbol a and one passes to state s'). 
Thus, the recognized language is defined by L{A) = {x G V* \ Sgx =>* s/, 
for some s/ G Fj. (V* is the free monoid generated by V; the empty string is 
denoted by A and F* — {A} is denoted by .) 

The family of regular languages is denoted by REG. 

Let us now consider an alphabet V and a “complementarity” relation on V 
(like the Watson-Crick complementarity relation among the four DNA nucleot- 
ides), p GV X V , which is symmetric. Denote 



WKp{V) = { ^ \a,bGV,{aM^pY- 



The set WKp{V) is called the Watson-Crick domain associated to V and 



p. The elements 



(V) 


is 


called t 


Ol 




02 




.bi. 




.b 2 _ 





G WKp(V) are also written in the form 



Wi 

W2 



, for wi = 0102 ... a„, and W2 = h\b2 ■ ■ - bn- We call such elements 



Wi 

W2 



WKpiy) molecules. According to the usual way of representing DNA molecules 
as double-stranded sequences, we also write the product monoid {V* ^V*) in the 



fori 



and its elements in the form 



A Watson-Crick finite automaton (in short, a WK automaton) is a construct 



A={K,V,p,So,F,P), 



where K and V are disjoint alphabets, p Q V x V \s & symmetric relation, 
Sq G K, F C K, and P is a finite set of transition rules of the form s ( ^ | — t s', 

\yj 



for s, s' G K, x,y G V* . 
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The elements of K are called states, V is the (input) alphabet, p is a com- 
plementarity relation on V, sq is the initial state, F is the set of final states. 

The interpretation of a rule s ( ^ ) — >■ s' is: in the state s, the automaton passes 

\yj 

over X in the upper level strand and over y in the lower level strand of a double- 
stranded sequence, and enters the state s'. Intuitively, a WK automaton looks 
as suggested in Figure Q] 




Fig. 1. A representation of a WK automaton. 



For 





and s, s' S K, we write 



s 






s' €P. 



We denote by =>* the reflexive and transitive closure of the relation 
The language recognized by a WK automaton is 



L{A) 



{wi G K* I So 



Wl 

U>2 



s/, for some W 2 G V* and s/ G Fj. 



We emphasize the important fact that we start from molecules (elements of 
WKp(V)) and we stop when the two strands are completely parsed and we reach 
a final state. 

In g), j2| one also defines other languages associated with a WK automaton, 
but we do not consider them here. 

One can see that a WK automaton is a finite automaton with a double- 
stranded tape (and two read heads, one for each strand of the tape). 

A WK automaton is said to be in the 1 -normal form if, for each transition 

rule s ( ) — >■ s', we have \xy\ = 1 (Iwl is the length of w). 

\yj 

It is proved in 0 that for each WK automaton A there is an automaton A! 
in the 1-normal form, such that L{A) = L{A'). 

Convention. When comparing the languages recognized by two automata, 
the empty string is ignored. 
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In the same way as we pass from WK automata in the 1-normal form to 
arbitrary WK automata (we call them block WK automata), we can pass from 
usual finite automata to finite automata with transitions of the form sx — >■ s': 
in state s we read the string x and pass to state s'. We call such an automaton 
a block finite automaton. 

As it is already mentioned in Pj, the WK automata are equivalent in power 
to the two-head finite automata, 0 , 0 , nn|. Still, the WK automata are motiva- 
ted not only by the DNA computing, but also by the supplementary freedom in 
their definition, arising from the use of a double-stranded tape, with a symmetric 
(complementarity) relation among corresponding symbols (the variants conside- 
red for WK automata are not known for two-head finite automata). Thus, our 
paper can also be considered as a contribution to the study of two-head finite 
automata. 

3 Complexity Measures for WK Automata 

We denote by NFAi, WKi the sets of nondeterministic finite automata and of 
Watson-Crick finite automata in the 1-normal form; by NFAb, WKf, we denote 
the set of block automata of these types, respectively. Clearly, NFAi C NF At 
and WKi <^WKh; because each finite automaton can be simulated in a natural 
way by a Watson-Crick automaton (scan the upper strand as in the finite auto- 
maton and scan any symbol in the lower strand in any state), we also consider 
that NFAi C WKi and NFAb C WKb- 

These observations raise the question of comparing the complexity of descri- 
bing a given regular language by finite automata and by WK automata. The 
basic complexity measure of finite automata is the number of states, which was 
investigated in many papers, see m and its bibliography, 0, m, etc. Another 
parameter which estimates the size of a nondeterministic finite automaton is the 
number of transition rules. Up to now, none of these measures was considered 
for WK automata. 

Formally, if K and P are the sets of states and of transition rules of a given 
finite automaton A or a WK automaton A, then we denote 

State(A) = card{K), 

Trans(A) = card{P). 

We extend these measures in the usual way to languages; for instance, 

StateNFAi(L) = min{S'tote(A) | L = L{A),A G NFAi}. 

In this way we get Statex{L),Transx{L) for X G {NF Ai,NF Ab, WKi, 
WKb}. 

Many natural problems are to be investigated for such measures. The follo- 
wing three sections are devoted to three classes of such problems. 
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4 Decidability Questions 



Several decidability problems for descriptional complexity measures are syste- 
matized in jnj. We consider here only a few of them. 

Theorem 1 . (i) None of the mappings Mx{L{A)), for M € {State, Trans}, 
X G {WKi,WKb}, can be computed algorithmically. 

(ii) Given an integer n, it is not decidable whether or not Mx{L{A)) = n, 
for any M G {State, Trans}, X G {W Ki,W Kb} , and an arbitrary Ag X. 

(iii) There is no algorithm able to construct Aq such that L(Aq) = L(A) and 
M(Mq) = Mx{L{A)), for an arbitrary A G X , X G {W K\,W Kb} ■ 

Proof. Consider an instance of the Post Correspondence Problem (in short, 
PCP) over the alphabet {a,b}, x = {x\,X2, . . . ,Xn),y = (yii ?/2, • ■ • , 2 /n); thus, 
Xi,yi G {a,6}+, 1 < i < n. We construct the WK automaton 



A = ({so, Si, S 2 , S3}, (a, b, c}, {(a, a), (b, b), (c, c)|, sq, |si, S3}, P), 

A" 



U |S2 



Si, Si 



C) 



Si, So 



S 2 , S 2 



S2, S2 



XiC 



C) 

S2 I 1 < * < n}. 



-f S3} 



It is easy to see that using the states so,si we can recognize any string of 
the form a™, m > 1 . If we use first the transition so f S2, then we have to 

'A' 



finish with the transition S2 



S3 (this is the only terminal state accessible 



from S2). This means that the molecule we recognize is of the form 



, with 



w G {a,b}*. In order to obtain such a molecule, before using the transition 



S2 



S3 we have to use one time only a transition of the form S2 



x^c 

yi 



S2; before this transition, we can use any number of times transitions of the form 

' Xi' 



S2 



y^ 



S2, I <i <n. Consequently, w = x^^Xi.^ ■■■Xik = yiiVii ■ ■ - yik (and. 



because we use a transition of the form S2 



XiC 

yi 



S2, we have k > 1), that is 



w corresponds to a solution to the PCP for x, y. 
In conclusion. 



L{A) = 



if PCP(a;,y) has no solution. 



a+ U L, otherwise. 



where L is an infinite subset of |c}{a, 6} ■*■{€}. 
If L{A) = a’*', then we obviously have 



StatewKi{L{A)) = 1 = Statew Kb{L{A)) , 

TranswKb{L{A)) = 1 , 

TranswKi{L{A)) = 2 . 



414 



A. Paun and M. Paun 



However, if L{A) ^ , then: 



- StatewKb ^ 2: from Lemma 5.11 in 0 we know that if StatewKb{L) = 1, 
then L = L+; because such an equality is not true for our language, it follows 
that we need at least two states in order to recognize it. 

- TranswKt{L{A)) > 2: we need at least one transition passing over strings 
composed of the symbol a only (in order to recognize elements of a'*") and 
at least one transition also passing over strings containing symbols b and c, 
needed for recognizing strings of the form cwc, with w S {a,b}~^. 



- TranswKi{L{A)) > 6: we need transitions of the form s 




— >■ s' and 



s 




— >■ s' for all a € {a, b, c}. 



Consequently, Mx{Li) < Mx{L 2 ) in all cases, for L\ = a“*" and L 2 = a’*' U L as 
above, that is, StatewKi{L{A)) = 1 = StatewKb{L{A)),TranswKb{L(A)) = 1 
and TranswKi(L(A)) = 2 if and only if PCP(a;,?/) has no solution, which is 
not decidable. This proves both points (i) and (ii). Because both parameters are 
trivially computable for automata, also point (iii) follows. □ 



5 Succinctness Questions 

In general, when having two sets of generative (or recognizing) mechanisms, 
Gi-,G 2 such that Qi C ^ 2 j and a complexity measure M defined on Q 2 and 
extended in the natural way to languages, we have Mg^{L) > Mg^{L), for all 
languages generated (recognized) by devices in Qi . Stronger forms of this relation 
can be considered (see, for instance, 0). We write: 

Gi > G2{M) iff there is L such that Mg^{L) > Mg^{L), 

2 

Gi > G2{M) iff for each n there is L„ such that Mg^{Ln) — Mg^{Ln) > n, 

Gi > G2{M) iff there are Ln,n> 1, such that lim = 00 , 

n-s-oo MgALn) 

4 

Gi > G2{M) iff there are L„,n > 1, such that Mg^(Ln) > n and Mg^{L) < k, 
for a given constant k. 

i i— 1 

Clearly, > implies > for each i = 2,3,4. 

We are now going to compare the finite automata and the WK automata 

i 

from the points of view of measures State and Trans, looking for relations > as 
above with as large i as possible. 

For some integer fc > 1, let us consider the language 

Lk = {x" I n > l,a; G {a, 6}^}. 



Lemma 1. StatewKb{Lk) < 3. 
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Proof. The language Lk can be recognized by the WK automaton 
A = ({so, si, S 2 }, (a, b}, {(a, a), {b, 5)}, sq, {S 2 }, P), 

Sif^“fS2|a;G{a, &}*}. 



Indeed, when parsing a molecule 



ccia :2 ■ ■ .x„ 

2/12/2 ■ • - 2/n J’ 



for some Xi,yi £ (a, &}*,! < 



i < n,n > 1 (strings whose length is not a multiple of k cannot be recognized), 
we must have X 2 = yi,xs = y 2 , ■ ■ ■ ,Xn = 2/n-i (from the form of the transition 
rules) and Xi = yi, 1 < i < n (from the complementarity relation). Therefore, 
Xi = Xi+i, 1 < z < n — 1, that is the recognized string is in Conversely, each 
string in L/^ can easily be seen that it can be recognized by our automaton. □ 



Lemma 2. StateMPAbi^k) >2^ + 1. 

Proof. The set (a, b}^ contains 2^ strings; let us denote them, in any given order, 
by xi, . . .,X 2 k. 

Let A = (K, {a, bj, So, P, P) be a block finite automaton recognizing the 
language Lfc- Because, for each z, 1 < z < 2^, we have x^ £ Lk, there is a state 
Si £ K such that there is a cycle in the transition graph of A recognizing a string 
Wi yf A, that is SiWi =>* Si. This means that also Siwf =>* Sj is possible, for 
all n > 1. This implies that C Sub{x^) (Sub{L) is the set of substrings of 
strings in L). 

Assume now that there are i j,l < i,j < 2^, such that Si = sj. The 
following two parsings are possible in A: 

Sfi, 

such that yiwfzi = xf and yjWjZj = x’f, for some yi, Zi,yj, Zj £ {a,b}*, with 
Sfi,Sfj G F. This is true for all p,q > 1, so we may suppose that g,h are 
arbitrarily large. However, also the following parsing is possible in A\ 

P Q P Q V* Q V* V* 

soyiWfwjZj =4> SiwfwjZj SiWjZj SiZj Sfj. 

Because p and q can be arbitrary, the string yiW^w'jzj is of the form x\wxj, where 
I and t can be arbitrarily large. Such a string is in Lk if and only if z = j, which 
is a contradiction. Consequently, K contains 2^ different states Sj, 1 < z < 2^. 

None of these states can be the initial state of A. If Si is the initial state, 
then the following parsings are possible: 

SiWfZi =^* SiZi =^* Sfi, 

SiyjWjZj =^* Siw'jzj =^* SiZj =^* Sfj, 

such that w^Zi = xf and yjWjZj = Xj, for some Zi, yj,Zj £ (a, b}*, with Sfi, Sfj £ 
F. As above, we can mix the two parsings, and get a parsing for the string 



soViW^i Zb 
soyjwpj 



SiWpj 



- 

' SbZj 
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w^UjwIzj = x\wx*, with arbitrarily large I and t, which implies the contradictory 
equality i = j. 

In conclusion, card{K) >2^ + 1, that is, StateNFA^iLk) >2^ + 1. □ 

Actually, in the previous lemma we have equality, because the following block 
finite automaton clearly recognizes the language 

A= ({5o}U{5* I 1 < 2 < 2^},{a,6},5o,{si | 1 < i < 

P — {^0^2 ^ ^ I 1 ^ 2 ^ 2 } . 

Combining the previous lemmas, we get: 

Theorem 2. NFA}, > W K},{State) and NFAi > WKf,{State). 

Lemma 3. StatewKi(Lk) < 4fc+ 1. 

Proof. Using the same idea as in the proof of Lemma Q, we can see that the 
following WK automaton recognizes the language Lfc: 

A = {K, {a, 5}, {(a, a), (5, b)}, sq, {sfc+i}, P), 



where 



K = {si I 0 < i < A: + 1} 

U {Sa,i, Sb,i, Sab,i I 1 < i < fc - 1} U {Sa,k,Sb,k}, 

P — ^ ^ I 0 ^ z ^ A: 1} 

U {Sfc Sa,l, Sk f ^ j 



u 



u 






^ ^a6,Z5 



^ab. 



{Sa,?: 



Sk 



41 ) 



'^a,z+l5 ^a6,z 

(X 

> Sk, Sb,k I ^ 



Sb,i+1 I 1 < j < A; - 1} 



Sk, Sk 



Sfc + 1, Sfc+1 1 ^ Sfe + l: Sfc + 1 



' Sfe+li 

A 
b 



Sfc+l}- 



(On the path from sq to Sk one recognizes an arbitrary string x G {a, b}^ in 
the upper strand, on the cycles from Sk to Sk one recognizes arbitrary strings of 
length k in both strands, but shifted with k positions; because of the shift and 
of the complementarity relation, the string recognized when passing from sg to 
Sk should be repeated, that is, we get a string in Lk-) 

One can see that card{K) = 4A; + 1. □ 

Combining Lemmas El and 0 we get: 
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Theorem 3. NFA\ > WKi{State). 

Note that we cannot also compare NFAf, with WKi, because we do not have 
the inclusion NFAb C WKi. 

Theorem 4. NFA\ > WKi{Trans), NFAi > WKb{Trans), and 
NFAb > WKb{Trans). 

Proof. If a finite automaton has n reachable states, then it has at least n tran- 
sitions; thus, TransNFAb{Lk) > 2^ -|- 1. However, from the construction in the 
proof of Lemma 0we see that Trans-^KiiLff) <Qk + A. Thus, the first and the 
third relations in the theorem follow. 

For the second relation in the theorem we consider the language (a^)*, for 
some k > 1. It is easy to see that a finite automaton with transitions of the 
form sa -A s' needs at least k transitions (and at least k states) in order to 
recognize this language, while a block WK automaton with one state and one 

transition can recognize it (sq ( , ) — >■ sq is enough). Consequently, the relation 

VoV 

NFAi > W Kb{Trans) follows. □ 

3 

We do not know which of the relations > in Theorems El and El can be replaced 

4 

by the stronger relation >. 

It is interesting to note that even on the one-letter alphabet (in this case, the 
complementarity relation is unique and, at the first sight, looks useless) the WK 
automata are more efficient than finite automata. Let us consider the singleton 
language 

L'k = 

Obviously, State NFAiiL'k) = 2/c -|- 1, but we can recognize this language with 
the WK automaton 

A = ({si I 0 < f < fc} U {sa, s'a}> {a}> {(«: a)}: so, {sfe}, P), 

P = {so (a) (a) 

U {si Si+i I 0 < f < /c - 1}. 

The cycle (soj Sq, s(,, Sq) introduces one symbol in the upper strand and two in 
the lower one, while the path from sq fo Sfc introduces k symbols in the upper 
strand. This means that we can repeat the cycle exactly k times, otherwise the 
numbers of symbols in the two strands are not equal and the initial molecule is 
not a complete one. Consequently, we have only one correct parsing, recognizing 
the string 

2 

Thus, on the one-letter alphabet we have at least relations of the form > 
among NFAi and WKi for both measures State and Trans. 
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6 Connectedness/Triviality Questions 



A measure M of descriptional complexity (of languages generated or recognized 
by devices in a given class G) is said to be non-trivial if for each n there is a 
language such that Mp(L„) > n, and connected if there is no such that for 
each n > no there is Ln with Mg{Ln) = n. 

Theorem 5. Both measures State and Trans are non-trivial for WK automata 
in the 1 -normal form. 

Proof. Consider the alphabet V = {a, b} and assume that all languages over V 
which can be recognized by WK automata in the 1-normal form can be reco- 
gnized by such automata with at most n states. The number of automata using 
at most n states and two symbols is finite, so they can recognize only a finite 
number of languages. This is contradictory, because the WK automata can re- 
cognize an infinite number of languages (for instance, all regular languages) over 
V. Similarly for the number of transitions (if we have at most n transitions, then 
we have at most n-\- 1 states). □ 

The connectivity problem (as well as the triviality problem for block WK 
automata) remains open. In view of the results in the previous sections, we 
expect some difficulties in solving this problem. One further evidence to this 
assertion is provided by the following observation. 

Consider an alphabet V and its barred version, V = {d \ a G V}. Define the 
morphisms ft,, /i on K U K by ft(a) = a, ft(a) = A and ft(a) = A, ft(a) = a, for all 
a G V. The twin-shuffle language over V is defined by 

TSv = {a; G (K U V)* \ h{x) = h{x)}. 

In |3| it is proved that each recursively enumerable language L can be writ- 
ten in the form L = g(TS^Q iy), where 5 is a deterministic gsm mapping. The 
“universal” language TS^q i^ can be recognized by a block WK automaton with 
only one state: 



A = ({so}, (0, 1, 0, 1}, 1(0, 0), (1, 1), (0, 0), (I, I)}, so, (sol, 





I So, 

So}). 



All occurrences of symbols 0, 1 in the upper strand (the morphism ft erases 
them) and all the barred symbols in the lower strand are ignored (the morphism 
ft erases them). However, with each barred symbol in the upper strand its non- 
barred variant is associated in the lower strand, such that the order of paired 
symbols is the same in the two strands. This corresponds to the checking of the 
equality h{x) = h{x). 

We can conclude that the power of small Watson-Crick automata is impres- 
sive. 
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7 Final Remarks 



We have considered here two natural measures of complexity for (nondetermini- 
stic) Watson-Crick automata, the number of states and the number of transiti- 
ons. The main result of the paper is that these automata can recognize regular 
languages in a significantly more efficient manner than finite automata. 

These two complexity measures are classic in the case of finite automata. 
We can also consider a measure which is specific to Watson-Crick automata 
(which, however, is not a descriptional complexity parameter, but a dynamical 
one, defined on computations) : the maximal distance between the two read heads 
of the automaton during the recognition of a string. 



Let A = (K,V,p,so,F,P) be a WK automaton and A : sg 
Sf,Sf € F, be a computation with respect to A. We define 



Wi 

W2 



Dist{A) = max{||a:i| — |x 2 || | : so 



Wi 

W2 







Xi,X 2 are suffixes of W\,W 2 , respectively}. 



For w G L{A), we put 

Dist{w, A) = mm{Dist{A) | Z\ : sq 



■ w ■ 
-w' . 



Sf,Sf G F} 



and we get 

Dist{A) = sup{Hist(w, A) | w G L{A)}. 

Then, for a language L, we define 

DistwKa {L) = vai{Dist{A) \ L = L{A),A G WATq}, a G {1, b}. 



It is easy to see that we have 
Theorem 6. REG = {L \ DistwKt{L) < ooj. 

(If the two heads of a WK automaton are always at a bounded distance, 
then a “window” of a bounded length plus the state can control the work of the 
automaton without using two heads, hence a finite memory and a usual single- 
stranded tape suffice. Conversely, it is obvious that for each regular language L 
we have DistiYKi(L) = 1.) 

Moreover, we have the following result (contrast it with the triviality of the 
corresponding problem for measures State and Trans): 

Theorem 7. The mapping Dist(A) is not algorithmically computable. 

Proof. For the WK automaton A in the proof of Theorem [Q we have 



Dist{A) 



0, PCP(a;,j/) has no solution, 

1, otherwise. 



which implies that we cannot compute Dist{A) for this particular WK automa- 
ton (associated with the instance x, y of the Post Correspondence Problem). □ 
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The measure Dist deserves a closer investigation. 

Returning to the equivalence of WK automata with two-head finite automata, 
each two-head automaton can be considered a WK automaton and, conversely, 
for each WK automaton A = {K,V, p, sq, F, P) in the 1-normal form we can 
construct an equivalent two-head automaton A' = Sq, F, P'), with 



Therefore, the state complexity is preserved, but not the transition complexity. 
The question whether or not WK automata are more efficient than two-head 
finite automata from the point of view of the measure Trans remains open. 

Note. Work supported by Grants OGP0041630 and OGP0007877 of the 
Natural Sciences and Engineering Research Gouncil of Ganada. 
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Abstract. We prove the confluence of a A-calculus of exception handling 
whose typing system and evaluation rules are initially based on classi- 
cal logic through the Curry-Howard isomorphism and to which we have 
added a general fixed-point operator. 



1 Introduction 

Philippe de Groote proposed in |2] a computational interpretation of classical 
logic through a simply typed A-calculus which features an exceptions handling 
mechanism inspired by the ML language. 

This calculus possesses several interesting properties (strong normalisation, 
subject reduction...), the main of them being given by its typing system which 
ensures that every raised exception is eventually handled whenever the whole 
term is correctly typed. 

Our goal consists in seeing if this interpretation can provide a realistic sy- 
stem of exceptions handling, with emphasis on the study of its behaviour in the 
presence of a general fixed-point combinator. We here establish that the rule for 
fixed-point preserves the confluence of the calculus, even if it implies the lost of 
the strong normalisation. 

Prawitz |H] studied the confluence properties of natural deduction for in- 
tuitionistic logic. The typing and evaluation rules of \exn present two major 
differences. Firstly, they are initially based on classical logic whose constructive 
aspects are less natural than the ones of intuitionistic logic. Secondly, the ad- 
dition of a general fixed-point operator implies that we leave the framework of 
logic and penetrate deeper the one of functional programming by increasing the 
expressive power of the language. 

From a programming point of view, a lambda-term models the set constituted 
by the program and the data it is applied to. It follows that if a lambda-calculus, 
that is, an evaluation process of lambda-terms, is confluent, then every program 
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which terminates has a unique result. It then becomes simple to define an opera- 
tional semantics for the reduction system in question by considering the normal 
form of a term, provided it does exist, as the result of its evaluation. 

We first present the calculus and discuss in which sense it satisfies the Curry- 
Howard isomorphism. The second part is devoted to the proof of confluence of 
its evaluation rules. 



2 Definition of the Aea;n-Calculus 

Definition 1. The types of the calculus are given by the following grammar: 

T ::= i I exn\ T ^ T 

where i. and exn stand for the base types, exn being the type of exceptional values. 

^exn features an exception handling mechanism by means of exception va- 
riables y which act as datatype constructors: these exceptional variables are of 
functional type, say r — >■ exn and then, when applied to a term of type r, return 
exceptions. An exception acts like all the terms of base type but may also be 
raised under the form of packets, which are then propagated and possibly hand- 
led. 



The packet (TZaiseM) is represented by the term (TZM), the exception decla- 
ration let exception y : a — >■ exn in M handle (yx) N being denoted by 
{y ■ M\x ■ N). 

Multiple declarations such as {yi • ( 7/2 • ■ • ■ (Vn ■ M\x ■ Nn) ■ ■ - )\x ■ Ni) are abbre- 
viated by {if ■ M\x -7^). 

The calculus represents all recursive functions by way of the binding operator 
fj,. Hence, the recursive function solution of the equation f = Xx ■ M{f,x) is 
denoted by the term p,f ■ Xx ■ M. 

Definition 2. The syntax of the expressions of the calculus is the following: 

E ::= fi\x\y\Xx-E \ {EE) \ {TZE) \ {y ■ E\x ■ E) \ p,f ■ Xx ■ E 

The set FV (T) of free variables of a term T is defined as usual. In particular, 
the free occurences of 7 / in M and a; in are bound in {y ■ M\x ■ N) and similarly, 
the free occurences of / in Acc • M are bound in /x/ ■ Xx ■ M . 

Definition 3. Define a typing environment to be a function that assigns a type 
to every variable. Let E stand for such an environment. The expressions of the 
language are typed in the following manner: 



r \- n : i. 

r ^ x: r{x) 
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r, X : a h M : (3 
r h Xx ■ M : a ^ f3 
r \- M : a ^ I3 F h N : a 
r h MN : P 
r \- M : exn 
r h {TIM) : a 

r, y : a ^ exn \~ M ■. (3 F, x : a \~ N ■. f3 
F h {y-M\x-N) : (3 
F, X : a, f : a ^ (3 h M : f3 
F h yf ■ Xx ■ M : a ^ P 

If exn is seen as the absurdity type false, then the type system abov^ 
provided that we forget the rule for fixed-point, corresponds to classical logiqj 
through the Curry-Howard isomorphism. Now, a natural question arises: what 
is the meaning of the last rule? Another way this rule can be expressed is the 
following: 



F, f : a ^ P h Xx ■ M : a ^ P 
F h yf ■ Xx ■ M : a ^ P ’ 

which appears as a very unexpected logical deduction: (A A) h A ... 

But, we can also see it as a rough approximation for the Noetherian induction: 

Vfc ([Vf < k A{i)] A(fc)) 

V/c A{k) ’ 

where “<” denotes a well-founded order. 

However, it is clear that with the rule for fixed-point, the typing system 
of Xexn does no longer fit with classical logic. So, by adding such a recursion 
operator to the calculus, we certainly increase its expressiveness, but also loose 
interesting properties. 

Xexn is based on the higher order functional language ML. For that reason, we 
are interested in a call-by-value evaluation process. Therefore, the /3-reduction 
will be performed only if the argument belongs to a particular set V: the set of 
values. 

Definition 4. The set V of values is defined by: 

V ::= n \ X \ y \ Xx ■ M\ (yV). 

In the following V,W (with possible subscript) will stand for members of V. 

^ The typing rule for {y ■ M\x ■ N) matches the elimination of the disjonction in the 
particular case of the excluded-middle. 
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The reduction rules of the calculus are 



given by the table below 



El 



dv : (Aa; • M)V^^M[V/x\ 

Raiseieft : V (TZM)^^{TZM) 

RaisGright : {TZM)N^-„{TZM) 

RaisGidem : {'R-{'R-M))^^{TZM) 

HandlG.tap : {y ■ M\x ■ N)^„M if y ^ FV{M) 
HandlGRaise : (V • <Jlyi V)\x ■ • Ni[V/x]\x ■ 7^) 

HandlG.eft ; V{y ■ M\x ■ N)^4y ■ VM\x ■ VN) 
HandlGright : (y ■ M\x ■ N)0^v{y ■ MO\x ■ NO) 
RaisGHandie : ■ M\x ■ N))^-u{y ■ {TZM)\x ■ (TIN)) 

Fix ■. yf-Xx- M^^Xx ■ M[yf ■ \x ■ M/f] 



Now, if we forget for a while the last rule and look at the table above from 
a logical point of view, the rules appear to be no more than proof reduction 
rules in natural deduction for classical logic [0| and have been proved to be 
strongly normalizing j2j. But of course, with our general fixed-point operator, 
these results become no longer available. 



3 Confluence of Xexn 



As we obviously loose the strong normalisation property by adding the above rule 
for recursion, it would not be sufficient to establish that X^xn is locally confluent 
0. Another way such a proof could be carried out is given by the Hindley-Rosen 
lemma 0 . It allows to conclude that the confluence (or equivalently, the Church- 
Rosser property) holds for a complex system if the rules it is made of possess 
themselves the property and behave together in a particular way: 

Lemma 1 (Hindley-Rosen) . Let R\ and R 2 he two binary relations such that: 

— Ri and R 2 possess the Church-Rosser property, 

^ In Philippe de Groote’s paper, the rule for Handlesi„,p was originaly written as 
{y ■ V\x ■ N)^„M if y ^ FV (V). But this leads to divergence as was shown in 0 
(take for example z{y ■ V\x ■ N)\ as zV is not itself a value, Handlesimp cannot be 
applied to {y ■ zV\x ■ zN)). Hence, in order to achieve confluence, the rule has to be 
changed. Even if this last modification is not necessary, we also slightly modify the 
three rules RaisGieft , RaisGright , RaisGidem to make them more general: contrarily 
to 0, they apply here to terms instead of values. 
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— i?i and R 2 commute 0 

Then the system R\ U R 2 possesses the Church-Rosser property too. 

Because all the rules of Xexn are well known or can be easely proved to be 
confluent (DSI), let us focus on the interactions generated by their regrouping. 
If the commutation of each couple of rules can be established, the confluence of 
the calculus will follow immediately as a consequence of the lemma. 

It can be easely checked that, in most cases, the rules behave in a very 
pleasant way, as the critical pairs which sometimes occur are solvable, i.e., do 
not lead to divergence Pj. Nevertheless, serious difficulties appear with the three 
couples of rules {H/ Raise, Bright), (H / Raise, Hieft) and {H j Raise, R/ Handle): 
the situation for {H / Raise, Hi^, ft) is described by the figure 1 (|'^| stands for 
the length of '^). 



{yi-W{^-UyjV\x 

II 

II 

II 

|yS|xffle/t II 



W{^-TZyiV\x-m) 




// 



If 

{^■W{nyjV)\x-W7ti) 



// 

// 

// 



Rleft 

{yt ■ {TlyjV)\x ■ 



// 




{yt ■WNj[V/x]\x-WiA) 



Fig. 1. 



We here remark that the closure of the diamond for {H / Raise, Hieft) can 
only be achieved in several steps, and especially by means of the rule Rieft - Now, 

Q -^1 -^2 

Two different binary relations ^ and ^ commute if the following holds: 

VMi, M2, M3: Ml ^ M2, Ml ^ M3 = 4 > 3M4 such that M2 ^ M4, M3 ^ M4. 
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whenever it seems possible to solve the inner problem by modifying the system 
so as to allow the rule -ffze/t to deal with multiple exceptions declarations, clearly 
the creation of the redex W{TZyjV) which needs to be reduced using a sponger 
rule, is definitively undesirable... 

As the couples {H / Raise, H right) and {H / Raise, R/ Handle) impose in the 
same way the presence of the rules Rright and Ridem, the three systems {H / Raise, 
Hright), (H / Raise, Higft) and {H / Raise, R/ Handle) are obviously not conflu- 
ent. It then becomes necessary to see if the systems {H / Raise, Hright, Rright) ■, 
{H / Raise, Hif, ft, Rieft) and [H / Raise, R/ Handle, Ridem) are confluent or not. 
If the confluence could be proved in the three cases, the idea would then be to use 
the commutation of each of the three rules which belongs to each of these subsy- 
stems with the remainder rules of Xexn- But the problem is precisely that, to take 
only this example, the rule H/ Raise of the subsystem {H / Raise, Hie ft, Rieft) do 
not commute with the rule Hright of the subsystem {H / Raise, Hright, Rright) ■■■ 

Thus, we have for the moment the two following results: 

Lemma 2. (3\i, Handlcsimp o,nd Fix are confluent. 

Proof. The confluence for Fix and /3v can be proved using the technique deve- 
lopped by Tait and Martin-L6f for the /3-reduction (see for example P). The 
proof for Handle simp is straightforward. □ 

Lemma 3. Each evaluation rule of Xexn commute with I3\>, Handlegimp o,nd 
Fix. 

Proof. By a simple analysis of the different cases. □ 

Then, in order to find a situation in which we could apply the Hindley-Rosen 
lemma, we must yet investigate together the seven rules [H / Raise, Hright, Hleft, 
R/ Handle, Rright, Rieft, Ridem) SO as to prove the confluence of the so-generated 
reduction system. 



3.1 Confluence of 

(.R-lefti Rright, R'id.em, -Rieft, R- right, H./ R OjTtdls, R ] RcttSe) 

A first idea is to follow the indication given by Philippe de Groote in [5| and to use 
the previously mentioned method of Tait and Martin-L6f. We then aim at pro- 
ving the confluence of a relation c> (to be defined) which possesses the same tran- 
sitive closure than the union of {Rieft, Rright, Ridem, Hieft, Hright, R/ Handle, 
H / Raise) and which permits to solve the two problems pointed out by Figure 
1 : 

— the rules Hright, Hieft and R/Handle have to be applied for each exception 
declaration enclosed in the term, that is, one step is required for each of the 
components of 
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— It becomes then necessary to use one of the rules Bright, Rieft or Ridem in 

order to regain a position allowing the application of H/ Raise. 

The inner problem can be given a solution provided we suppose to have an 
infinitely denumerable set of rules at our disposal for each of the three rules in 
question: thus, it becomes possible to cross in only one step all the exception 
declarations enclosed in a term, whatever the number of them is. 

The second problem is due to the fact that, if we look at the case presented by 
Figure 1 (the two other triples work in a similar way, because of the symmetry of 
the rules), we may observe that the term (yt ■W{TZyjV)\x-WNi) is not a redex 
for H/ Raise. Yet, it becomes such a redex if we reduce its subterm W (Ri/jV) to 
{TZyjV) using the rule Rieft- For this reason, the technique of Tait and Martin- 
Lof appears to be unsuitable for proving the confluence of the system. However, 
according to the method proposed by Aczel and Klop, this difficulty vanishes. 
Indeed, Aczel-Klop is an extension of Tait-Martin-L6f: both methods consist in 
proving the confluence of a relation whose transitive closure equals the one of the 
relation to be investigated, but there is a difference between them concerning the 
choice of this relation. In Tait-Martin-L6f, only the redexes which are present 
in the original term can be reduced at the same time. In Aczel-Klop, as soon as 
the reduction of the subterms confers to the whole term the status of being a 
redex, the reduction of these subterms followed by the reduction of the so genera- 
ted redex may be seen as forming just one reduction step for the original term [7|. 

Before giving the definition of the relation c>, a last observation is necessary. 
^exn being an exception handling language, all its terms may contain exception 
declarations, even the handlers themselves. We thus explicitely allow stacks of 
exception declarations at handlers-level, this in turn giving the possibility of 
stacks of exception raising to appear during the evaluation. 

Now, as the rules Hright, Hieft and R/ Handle must be applicable to terms 
containing multiple exception declarations, the rules Bright, Rieft and Ridem 
must be applicable to terms containing multiple exception raising. In order to 
simplify the notation for such terms, we set up a new definition: 



Definition 5. The expression 5R{T} is recursively defined as follows: 

5?{T} A TZM I (V • TlM\x ■ 5?{iv|) 
where {T} stands for the list built by adding to the list {A^}. 

Remark 1. If 5R{T} = TZM, then we simply have T = M. 

The relation > can be described by structural induction in the following 



manner: 
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Definition 6. 

M>V 7V>5i{^} 

MN > K{2l} 

Mo^{A} N>N' 

MN>^{A} '■ 

Mo^{A} 

TZM > 5?{A} 

M\>V N>{-f ■ A\x-1^} ^ 

-VA\x-vi)~ ‘ 

M>{~f ■ A\x -1^) N>N' ^ 

■ AN'\x-]^') 

M>it-A\x-^) 

(TZM) > {^ ■ {'JlA)\x ■ {TZb]) 

M>{TZ{y,V)) N>N' 

(V • M\x • #) > (y • N'j[V/x]\x ■ P) 

The relation > is reflexive and closed by the formation rules of terms. This 
property is expressed by the congruence rules: 

Mt>M 

M>M' 

Xx ■ M > Xx ■ M' 

M>M' N\>N' 

MN > M'N' 

Mt>M' 

M>M' N>N' 

{-f ■ M\x • #) > (V • M'\x ■ J?) 

M>M' 

frf ■ Xx ■ M > p,f ■ Xx ■ M' 

Remark 2. In the above statement concerning the rule -ff/i?, V possesses at 
least one component y^. On the contrary, in the case of the rules iJ;, Hj. and 
R/H, it seems possible for the vectors of exceptions declaration to be empty, 
and then for the corresponding handlers to be empty too. But in this case, 
these three rules become: 

M>V N>A ^ M>A N>N' ^ M>A 

MN\>VA ' MN > AN' (TZM) > (TZA) ' 
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hence appearing as particular cases of the congruence rules given previously. As 
a consequence, we will from now on consider that stands for a vector with 
at least one component, in other words, that {1^ ■ A\x ■ it) contains a least one 
exception declaration. 



Proposition 1. Let be the reduetion system built from the rules Rieft^ Riefti 
Ridem, Hieft, Hright, R/ Handle, Hf Raise. Then the relations o.nd t> have the 
same transitive closure. 

Proof. 1. M t> M' 3n M M' (by induction on the definition of c>) 

2. M M' M t> M' (by structural induction on M) 

□ 



Lemma 4. 



Xx ■ T t> M => M = Xx ■ Ti : T t>Ti {congruence) 



ST>M 



' M = S\Ti : S t> Si, T >Ti (congruence), 

M = K{A} : S > K{A}, T 0 Ti (Rr) 

< M = ift{A} : S>V,T>ift{A}{Ri) 

M={lf ■ ATi\x ■ Wfi) : ■ A\x-l^),T>Ti{Hr) 

^ M={^ ■ VA\x ■ Vt) ■. S>V,T>{-f ■ A\x-1^) (Hi) 



(TZT)t>M 



{'f ■ S\x-'f)>M 



( M = (TZTj) : ToTi (congruence) 

< M={^ ■ (TZA)\x ■ (TZB)) : T t> (if ■ A\x ■ 1^) (R/H) 
[M = ifi{A} : T>5?{A}(i?i) 

( M = (if • ^ila; • Ti) : S > Si, > jf (congruence) 

1 M=(y • Tgi[V/x]\x ■jt):S> (Uyj V),^ >^i(H/R) 



Idf ■ Xx ■ T \> M M = fj.f ■ Xx ■ Ti : Tt>Ti (congruence) 



Proof. By induction on the definition of >. □ 

Corollary 1. VM, {A} : ift{A} > M => 3{ii} such that M = 5R{ii}. 

Proof. (By structural induction on 5R{A}) 

K{A} = TZA From Lemma E] three cases are possible: 

1. M = TZA' = 3?{A'} (congruence) 

2. M=(-f- TZB\x ■ TW) = C} (rule R/H) 

3. M = n{B} (rule Ri) 

K{A} = {^-nB\ X' From LemmaEl two cases are possible for M\ 
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M has been obtained from • 1^B\x • 5J{c|) by H/R 

We then have M = (l/' • {^{C})'j\V/x\\x ■ (5i{C})^') with TZB >'lZ{yjV) 
and (5i{C'}j>(5i{C'})'. By induction hypothesis, 3D such that (5i{C'}j' = 
5?{L>}. Then {n{C}))[V/x] = n{Dj}[V/x]. So we have: 

M={-f ■ n{Dj}[Vlx]\x ■ SR{Z^) 

nE[V/x]\xi ■ ^{F[V/x]})\x ■ 5?{^) {D,={E^,,„F}) 
= {-^,yt- TZE[V/x]\x ■ a:i • ^{F[V/x]\) 

= {yi ■ TZF\V/x\\x 2 ■ '^{d\[x 2 / x\,lk{F[V / x]\[x 2 / xi]) {x 2 is new) 

= ■ nG\x 2 ■ WH^) 

= K{/} {where I = {Gy^^x2,H}). 



M has been obtained from (“^ • RB\x • by congruence 

Then M = • {nB)'\x ■ (JJIC})'') with UB o {TIB)' and o 

(K{C'}j'. For TZB, the base case holds. Thus, 31? such that (TZB)' = 



U{D}. 

By induction hypothesis, 3{E} such that (JJIC}]' = 5R{^. Then: 



M = ■ ^{D}\x ■ ^{f\) 

^it,yt-'FF\x-^i{^,xi-^i{^) {D = {E^^,„G}) 

= {yt ■ RF\x2 ■ ‘^{f\[x2/x\,‘^{g\[x2/xi]) {x2 uew variable) 

= • TIF\x 2 ■ ?ft{H}) 

(where J={Fpt,,„iF}). 

□ 



Lemma 5. V and its complementary set are closed under the relation >. 

Proof. (By induction on the definition of >) □ 

Lemma 6 (Substitution). M>Mi,N>Ni =J> M[N/x]t> Mi[Ni/x] 
Proof. (By induction on the definition of t>) □ 



Proposition 2 (Confluence of l>). For all M, M 2 such that M t> Mi and 
M > M 2 , there exists M 3 such that Mi t> M 3 and M 2 i> M 3 . 

Proof. The proof is carried out by induction on the derivation of M >Mi. As the 
whole proof can seem somehow tedious because we are dealing with numerous 
cases and because the rules Rr, Ri and Ri (and in the same way, their associated 
rules Fir, Hi and R/H) work rather closely, we here present only one of them. 
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{M > Ml) = {PQ > PiQi) with P > Pi and Q \> Qx 

By Lemma 0 five cases are possible for M 2 , the first of them matching the 
one presented by Figure 1 above: 

M > M 2 by Hi', we then have M 2 = ■ V A\x ■ VB) 

with the hypothesis 

By Lemma 0 and induction hypothesis on P and Q: 3Vi such that 

Pi>Vi , zin u fu f / Qi > O2 

V>Vi ^ {{Y ■ A\x ■ B) > Q2. 

By Lemma E] two cases are then possible for Q 2 '- 
(V • A\x • ^) > Qa by congruence: 

Q2 = {'t- |a; • iti) with I ^ ^ ^ 

By congruence, we get • V A\x ■ Vl^) > {if' ■ ViAi|a; • ViB\) 



As Pi > Vi and Qi > {'f • Ai |a; • Pi), it comes 
PiQi > by Hi. 

(V • A|x • ^) > Qa by H/R: 

Q2 = {lf ■ Pij [VF/a;]|a: • p|) with | ^ ^ 

By Ri, we get: VAt> {TZyj W) and by congruence: > ViPi. 

Then, by H/R {-f ■ VA\x ■ V~^) c> • {ViBi)fW/x\\x ■ Vjfi). 

On the other hand, from Qi > • B\j\W / x]\x ■ Pi) and P\ Vi, 

we conclude by Hi that: PiQi i> {if ■ FiPij[VF/a;]|a: • ViPi), i.e., 

PiQi > {t ■ (PiPi)^[tF/a;]|a; • ^xf FV{Vi) 



M > Ma by Ri Thus we have M 2 = 5ft{A} with the hypothesis P >V, 
Qo5R{A}. 

By induction hypothesis, 3 P 3 such that Pi >Pa and V\>P^ and 3 Q 3 such 
that Qi 0 Q 3 and 5R{A} > Q 3 . 

From the corollary 0} 3{P} such that Qs = 5R{P}. 

As we know from Lemma 0 that P 3 is a value, we finally get Mi = 
PiQi>K{P} by Ri. 



We do not detail the three remaining cases (Ma obtained by H^, Rr or 
congruence) which are similar or easy to check. 

□ 



Theorem 1. The \exn~calculus is confluent. 

Proof. By Lemmas 0 121 0 and Proposition 0 □ 
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4 Conclusion and Further Works 

The previous result can be considered from two points of view. If we focus on 
the computational side, as it follows from the confluence property that the nor- 
mal form of a term, if any, is unique, Xexn can now be given in a simple way 
an operational semantics. The operational behaviour of the calculus will in turn 
have to be investigated in order to define precisely what is the contribution of 
Xexn to the held of functional programming. In the same way, it would be useful 
to see if other type constructors, especially pairs and sums, can in turn be added 
with benefit to the language. From a computer science point of view, this would 
in particular allow the pattern-matching, whose interest is clear. 

But the logical side of the calculus may be of interest too. Indeed, we know 
that all the evaluation rules, excepted the rule for Fix, correspond to normali- 
sation rules for classical natural deduction. Therefore, one may wonder whether 
a form of subformula property IHE] holds for Xexn- If such a property can be ca- 
racterized, the addition of new rules for disjunction will need some precautions. 
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Abstract. We give a characterization of the archimedean fields in which 
nontrivial 5-uniform decidable sets exist. More exactly, after we introduce 
a notion of Turing closure of an archimedean field we prove that such 
a field posseses nontrivial 5-uniformly decidable sets if and only if it 
is not Turing closed. Moreover, if a function is 5-uniformly computable 
on a Turing closed field then it is rational over each of the connected 
components induced on the halting set by the reals. Finally, given a field 
which is not Turing closed, we obtain as a consequence that there exists 
a 5-uniform machine computing a total function which is not rational. 

1 Definitions and Notations 

Following Turing it is possible to study computations of Turing 

machines whose input tapes contain representations of real numbers (and 
that are allowed to output similar representations, as well): this approach 
is known as Type 2 recursion theory [IWei| . 

In a paper of Boldi and Vigna lEY! the authors introduce a version of 
the BSS model of Blum, Shub and Smale [BSfij , called a 5-uniform ma- 
chine, in which exact tests are not allowed. In other words, a 5-uniform 
machine can only decide whether two numbers are very close, but cannot 
decide whether they are truly equal or not. There is a strict relation bet- 
ween 5-uniform computability and Type 2 recursion theory. More exactly, 
for any archimedean field the halting sets of 5-uniform BSS machines with 
coefficients in T (the field of Turing computable reals) or Q are exactly 
the halting sets of Type 2 Turing machines m- Thus, the restriction of 
5-uniformity reduces the full power of the BSS model, making it closer to 
Turing machines. 

A finite dimensional BSS machine M over the archimedean field A 
consists of three spaces: the input space I = A\ the output space O = 
A™' and the state space S = A^, together with a finite node set N = 
{1,2, ... ,p} divided into four subsets: input, computation, branch and 
output: 

G. Ciobanu and G. Paun (Eds.): FGT’99, LNGS 1684, pp. 433-023 1999. 

© Springer- Verlag Berlin Heidelberg 1999 
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1 . node 1 is the only input node (with fan-in 0 and fan-out 1 ); there is a 
linear function with integer coefficients i{—) mapping / to 5; 

2 . node p is the only output node (with fan-out 0 ); there is a linear 
function with integer coefficients o(— ) mapping S to O; 

3. q 0 {l,p} can be a eomputation node (with fan-out 1); there is a 
rational function : 5 — )■ 5; 

4. q ^ {l,p} can be a branehing node (with fan-out 2 and its two suc- 
cesors are denoted by P~{q) and P^{q)', branching on — or -|- will 
depend upon whether or not the first coordinate of the state space is 
negative) . 

M induces a eomputing endomorphism e:NxS^NxShy the 

relations: 



e(l,x) = (/3(l),x), e{p,x) = {p,x), 

e{q,x) = {(5{q),rg{x)), if (7 is a computation node, 



and 



e(q,x) = < ^ ^ , if g is a branching node ( 1 ) 

[ [P xi > 0 

(if q has fan-out 1 we denoted by (3{q) the next node in the graph after 

q)- 

If the eomputation of M under input a (that is the orbit generated 
by the computing endomorphism starting from (l,i(a))) reaches a fixed 
point of the form (p, b) with b £ S then we say that the machine halted 
obtaining a correspondence ipM between the input a and the output 0 ( 6 ). 
ifM is called the partial funetion eomputed by the maehine M. The sets 
of all inputs on which the machine M halts is denoted by and called 
the halting set of M. 

Formally, given a BSS machine M and a (5 > 0 (called a threshold ) , we 
define the 5-computing endomorphism much as above, but substituting 
the test case ( 1 ) as follows: 



e{q,x) 



{(5 {q),x), if xi < -5 
(/3+(g),x), if xi > -5 



(2) 



(if (7 is a branching node). 

The induced 5-halting set is denoted by 17^ and the 5-computed fun- 
ction by 
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Definition 1. A BSS machine is 5-uniform if = f^M and = (pM 
for all 5 E (0, 1). 

A set which is the halting set of some BSS machine is called semi- 
decidable. The set is called decidable if, moreover, its complement is also 
semi-decidable. A partial function is computable if it is computed by some 
BSS machine. A set X is semi- decidable relative to T if Ai n T is semi- 
decidable; it is decidable relative to Y if both X (lY and Cx H Y are 
semi-decidable (we denoted by Cx the complement of the set X). 

Similarly, if we consider a 5-uniform BSS machine we obtain respec- 
tively, the notions: 6-uniformly semi- decidable, 5-uniformly decidable and 
5 -uniformly computable. As observed by Boldi and Vigna, every 5— uni- 
formly semi-decidable set is open. 

The following theorem |BV| gives an equivalence between 5-uniform 
and Type 2 decidability. 

Theorem 1. Let X C A™. Then X is 6-uniformly semi- decidable by a 
maehine M with coeffieients a\, ... ,ar if and only if there exists a Type 2 
Turing maehine M' with m-\-r input tapes sueh that for all (xi, . . . Xm) E 
A^, 



(xi, . . . Xm) E Ai 4=> M' halts on input (xi, . . . , Xm, Q<i, ■ • • , Or) • 

2 Some Topological and Algebraic Preliminaries 

The basic notions of topology quoted bellow can be found, for example, 
in |(laa) . The results stated here are necessary in order to prove the 
connection between 5-uniform computability and Turing closed fields. 

An open set is called regular if it is the interior of its own closure. 
Given a connected topological space T and a dense subspace D C T, 
for every set U Q D open in D we define U = {U U Cd)°. 

Proposition 1. Let T be a connected topological space and D T T a 
dense subspaee. If U,V Q D are open in D then 

1. U = U<AD and it is a dense subset ofU; if moreover C is a component 
of U then C Ci D = C; 

2. i/ 17 n T = 0 then U Ci V = $; if moreover U UV = D then U and V 
are regular. 

Theorem 2. Let T be a topological space and U, V two disjoint regular 
open sets with UUV dense in T. Then dU = dV = Cuuv (dU denotes the 
boundary ofU). If moreover T is eonnected and U and V are nonempty 
then the boundary is nonempty. 
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For the following basic algebra notions we can mention |Tjan| as a 
general reference. 

Let A: C iL be a field extension and M <Z K. We denote by k{M) the 
intersection of all fields containing M and k. This field extension is said 
to be 

— finite li K = k{M) for some finite M; 

— simple \i K = k{x), where x is an element of K called primitive 
element; 

— algebraie if every x E iL is algebraic over k] if 6 is algebraic over k 
then there is a surjective homomorphism v : k[X] — )• k[9]. Because 
k[X] is principal, the ideal keru is generated by an irreductible poly- 
nomial p E k[X] (assumed monic) called the minimum polynomial of 
9. Consequently, by the theorem of isomorphism 

k[X]/{p)^k[9]=k{9y, (3) 

— separable if it is algebraic and the minimum polynomial of each x £ K 
has only simple roots. 

The primitive element theorem states that 
Theorem 3. Every finite and separable field extension is simple. 

Let us note that every finite field extension is algebraic. Furthermore, 
if k has characteristic 0 then k is perfect, that is every algebraic field 
extension is separable. Consequently, by the previous theorem, if k has 
characteristic 0 and the field extension k <£ K is finite then it is simple. 

Consider a 5— uniform BSS machine over the archimedean field A with 
coefficients oi, . . . , a^. Using a renumerotation (if necessary) we take s < r 
as the minimum natural number such that the extension Q(ai, . . . , Os) C 
Q(oi, . . . , Or) is algebraic. It follows that Q(ai, . . . , a*) is isomorphic with 
Q(Xi, . . . ,Xs), the field of all rational functions with s arguments and 
coefficients in Q. Moreover, because the above extension is finite and IR 
has characteristic 0, by the primitive element theorem it is simple, that is 
there is an 0 E Q(ai, . . . , a^) such that Q(ai, . . . , a^) = Q(ai, . . . , as){9). 
By (3) there is an irreductible polynomial p such that 

Q(Xi,...,X,)[X]/(p)-Q(ai,...,a,). 

Consequently all field operations of Q(oi, . . . ,ar) can be performed 
simbolically in Q(Xi, . . . ,Xs)[X]/[p) as well as equality tests. So we can 
emulate the computation of M with a machine M' that also keeps track 
of the intermediate results of the computation of M. 
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3 Main Results 

Since every ordered archimedean field is isomorphic to an ordered subfield 
of IR |Wae| we can regard an archimedean field A as an ordered subfield 
of IR. 

Definition 2. Let F D A be a field extension. An element f & F is said 
to be Turing over A if there are m G IN, w G A"^ and a Turing maehine 
M (with m input tapes) sueh that M{w) = /. If every element of F is 
Turing over A, then F is said to be a Turing extension of A. A is Turing 
elosed if it does not have any proper Turing extension. The Turing closure 
of A is the intersection of all Turing closed fields containing A. 

Proposition 2. The Turing closure of A is given exactly by the set T of 
all reals that are Turing over A. 

Proof. We just have to show that T is a Turing closed field. If t,t' G T 
then there are w G w ' G A'^ and Turing machines M, M' such that 
M{w) = t and M'{w') = t' . But then there is a machine M" with m + m' 
input tapes that on input {w,w') computes internally t, t' and writes 
the sum t + t' on the output tape. Analogously for the other operations. 
Turing closedness can be easily shown by a suitable composition of Turing 
machines. □ 

We are now in the position to prove that 
Theorem 4. The following conditions are equivalent: 

1. there is an m > 0, an open subset Z C A™ such that Z is connected, 
and a nonempty proper subset X G Z which is 6— uniformly decidable 
relative to Z; 

2. there is a nonempty set X C (0, 1) n A which is 5— uniformly decidable 
relative to (0, 1) n A; 

3. there is an a G IR \ A which is Turing over A; 

4 . there is an a G IR \ A such that {x G A \ x < a} is 5— uniformly 
decidable 

(in order to avoid ambiguities we choose to use the symbol tilde only for 
T = IR”^ and D = A^.) 

Proof. (1.) ^ (2.) Let X' = Z\X. By applying Proposition 3 with T = Z 
and D = Z, we have that Y = [X \J {Z \ Z)j° and Y' = [X' U(Z\ Z)j° are 
regular disjoint subsets of Z. Because Z = XUX'cYUY'cZ and Z is 
dense in Z their union is also dense in Z. Thus, we can apply Theorem 4, 
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and consider a point y in dY = dY' (the boundary in Z). Since y ^ Z and 
Z is open there is an open ball B 3 y entirely contained in Z. X being 
dense in Y and B DY open in Y the intersection B Ci X = B DY Ci X is 
non- void. We take x £ B D X and analogously x' G B Ci X', and consider 
the path / connecting x to x' , parameterized by f{t) = t{x' -x)-\-x, where 
^ £ [0, 1] C IR : observe that t £ A iS f{t) £ and f\A : A -3 A^ is 
bijective. 

Note that f~^{X) n (0, 1) and f~^{X') n (0, 1) are complementary in 
(0, 1) n A. Indeed, if for some t £ (0, 1) n A, f{t) is not in X then, since 
f{t) £ B C Z, f{t) is in A^ fl Z = Z, that is f{t) £ X' . Let M be a 
(5-uniform BSS machine semi-deciding f~^{X) n (0, 1). The same is true 
for f~^{X') n (0, 1). Moreover, both f~^{X) n (0, 1) and f~^{X') n (0, 1) 
are nonempty; otherwise, if we suppose that f~^{X) n (0,1) = 0 then 
every neighbourhood of 0 in ^ contains points of f~^{X')] thus, every 
neighbourhood of x in Z contains points of X' . But X is open and so 
contains a neighbourhood of x contradicting the fact that X and X' are 
disjoint. 

(2.) ^ (3.) We define a Turing machine working as follows: given a 
dyadic interval (Z, r) containing some points of both X and X' = (0, 1) H 
A \ X, and initially set to (0, 1), we find the minimum k > 0 such that 
the set of 2^ — 1 dyadics of the form I i{r — l)/2^, for 0 < i < 2^, 
intersects both X and X' (in order to decide membership to X and X' 
we use Theorem 2); note that this minimization is terminating because the 
numbers of this form for all k are dense in (Z, r), and thus must intersect 
both X and X', which contain open neighbourhoods (i.e., intervals) in 
(Z,r) n A. Then, we find the first j such that Z -|- j{r — Z)/2^ G X and 
Z-|-(j-|-l)(r — Z)/2^ G X' (we exchange the role of X and X' if such 
a j does not exists), and restart the process on the interval (Z + j{r — 
Z)/2^,Z -|- (j -|- l)(r — Z)/2^), which certainly contains points of both X 
and X' (because they are open), and whose length is at most | r — I \ /2. 
The sequence of intervals thus defined cannot converge to a point of A 
(for example if o; G X all the above intervals, excepting a finite number, 
are contained in X, since X is open); hence, it converges to some number 
a £ IR \ yl, whose signed binary digits can be increasingly output each 
time a new subinterval is found. 

(3.) ^ (4.) Take the Turing machine M writing a and emulate it 
with a (5— uniform machine M' . Then, for every input a generate a with 
enough precision in order to decide whether a < a oi a > a (the case 
a = a being impossible). 

(4.) ^ (1.) Take m = 1, Z = A and X = {x G yl|x < a}. □ 
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The main application of the previous theorem is the following 

Theorem 5. Let A be an arehimedean field. There are nontrivial 5— uni- 
formly deeidable subsets of iff A is not Turing elosed. 

In particular, there are no nontrivial decidable subsets of T™ or IR™'. 
We now prove some restrictions about the functions computed over Turing 
closed fields: 

Theorem 6. Let M be a 6 — uniform maehine, and C a eomponent of 
Qm- If is Turing elosed, then V^M|cnA™ is « rational funetion. 

Proof. Let fa be the rational function of the input computed by M on 
input a, B = C r\ A^, and suppose (fM\B is not the restriction of a ra- 
tional function. This implies that for some rational function g the sets 
X = {a £ B \ fa = g} and B \ X are both nonempty. Note that B = C 
is connected by Proposition 3, and that X (hence B \ X) is 5— uniformly 
decidable relative to B. Indeed, consider E = Q(ai, . . . , Or) C A, the ex- 
tension of Q generated by the coefficients of M. By the primitive element 
theorem we can recode all constants appearing in the program of M as 
elements of Q(Xi, . . . ,Xs)[X]/{p), where {p) is the principal ideal gene- 
rated by a certain irreducible polynomial in Q(Wi, . . . , Xs)[X] and s <r 
(as explained in Section 2). We emulate the computation of M with a 
machine M' that also keeps track of the intermediate results of the com- 
putation of M under the form of polynomials (the variables now being 
the input) with coefficients in Q(Wi, . . . ,Xs)[X]/ [p)-, when M stops, the 
rational function computed can be tested exactly against g (also g can be 
coded, since its coefficients belong to E). By Theorem 8 (1) (3), is 

not Turing closed. □ 

This implies, in particular, that the only total functions that are 
(5— uniformly computable on a Turing closed field are the rational func- 
tions. Moreover, Theorem 10 gives also a necessary condition, as explained 
by the following 

Theorem 7. Let A be a field whieh is not Turing elosed. Then, there 
exists a 6— uniform maehine M eomputing a total funetion whieh is not 
rational. 

Proof. We know, from Theorem 8, that there is some a ^ A such that 
H = {x £ A \ X < a} is <5— uniformly decidable. Then the characteristic 
function xh ■ A — )■ {0, 1} (which is clearly not rational) is computable. 

□ 
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Abstract. We consider the number of parallel derivation steps as com- 
plexity measure for context-free languages and show that a strict and 
dense hierarchy is obtained between logarithmic and linear (arbitrary) 
tree height. We hereby improve a result of Gabarro. Furthermore we 
give a non-regular language with logarithmic tree height disproving a 
conjecture of Culik and Maurer. As a new method we use counter- 
representations, where the successor relation can be handled as the com- 
plement of context-free languages. 



1 Introduction 

Like in complexity theory, where different measures for costs for recognizing 
languages are used, Book considered the costs of derivations of words 

in languages by grammars. Correspondences between the number of derivation 
steps and Turing machine computations were established by Igarashi in EUZZ). 

The height of a derivation-tree corresponds to the minimal number of paral- 
lel derivation steps using a context-free grammar, where we allow an arbitrary 
number of variables to be replaced simultaneously. Correspondingly [Cab84j con- 
sidered the space needed on the store of a push-down automaton and obtained 
a strict hierarchy of classes with space. 

Heights of derivation trees generated by context-free grammars with regular 
parallel control languages were considered in [IK PI 17(1] Brandenburg used the 
height of syntactical graph^ as complexity measure and showed equivalences to 
complexity classes \nim- 

Why are context-free languages with sub-linear derivation tree height inte- 
resting? One reason is that their recognition can be parallelized efficiently as 
we will describe in Section El Unfortunately most context-free languages do not 
have this property. For some of them like {a"&" | n G Af} this was shown by 
Culik and Maurer jCM78j who also showed that regular languages have 

logarithmic tree height. Furthermore, it was conjectured |Bra,81ICM78| that 
context-free languages with logarithmic tree height are regular. We will disprove 
this conjecture in Section 0 

We will give a quite general criterion for languages not to have sub-linear 
derivation tree height by Theorem 0in Section E| using bounded languages. 

* This research has been partially supported by the DFG Project La 618/3-2 KOMET. 
^ Generalizations of derivation trees for arbitrary grammars 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 441- 14501 1999. 
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On the other hand there are non-regular context-free languages which do not 

fit into this criterion ITCT?71 : Consider the infinite word w = baba^ba^b a^b..., 

which is a sequence of unary encodings of increasing numbers. Let the language 
L be the set of finite words which are not prefixes of tc. L is context-free (the 
idea is that there exists a block of letters a with an exponent different from the 
number of letters b sitting at the left of the block). According to Klol72l (see 
also IColTtil l any bounded language in the full AFL generated by L is regular. 
Indeed this language has ^/n tree height as we show in Section El 

In section Q we generalize this method to various kinds of representations of 
counters and define languages as sets of words which are not prefix of an infinite 
word being the sequence of such counter-representations (because of [AKCtd?) 
all these languages have to be inherently ambiguous). Furthermore we give a 
separation of tree height classes; this means that for every ’reasonable’ function 
/ between logarithmic and linear, we can construct a context-free language with 
/(n) but no less tree height. Thus we have a strict and dense hierarchy. 

In section El we show that derivation tree height corresponds to pushdown 
complexity and therefore our result improves j(Iab84j . 

We consider context-free languages, which can be generated by a context-free 
grammar such that every word in the language has a derivation tree of height 

/(kl): 

' < fi\x\) 



X 




A main difference to EOL and similar systems is that in a parallel derivation 
step not all variables have to be replaced (this explains why we need not write 
</(bl) . /(kl) , 

=> instead of =5> in the following definition). 

I|G ||G 

Definition 1. Let G = {V,S,P,S) be a context-free grammar. A parallel deri- 
vation step is defined by 01 ^ 102 ^ 2 . ..OfeAfeOffc+i =S> airia 2 r 2 ---otkrkOik+i with 

IIG 



Ai ^ ri G P and at G {V U S)* for all 0 < i < k. 



/(kl) 



denotes /(|a:|) parallel 



derivation steps in sequence. CFLth{f{n)) := {L C E*\3G,L = L(G),\/x G L 

b => x\. 

IIG 



Remark: It is easy to see that height can be compressed by a constant factor c 

<C 

by using P' := {A r \ A G V, A => r}. For that reason throughout the paper 

l|G 

we need not care about additive and multiplicative constants. Observe that this 
destroys Chomsky normal form, which makes the O-notation for multiplicative 
constants necessary in this case. 



Proposition 1. \GM REGffCFLthilogn). 
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Clearly only finite languages can be generated with sub-logarithmic tree 
height. 



2 The Connection to Pushdown Complexity 



Definition 2. lGab84^ A language L has pushdown complexity /(n) if L is 
recognized by a pushdown automaton such that every w € L has an accepting 
computation with pushdown space 0{f{\w\)). 

By standard construction mrm . every language in CFLth(/(n)) has push- 
down complexity f{n). But in the other direction the standard construction in 
pTTTilj leads to CFLth(lin) for any (even constant) pushdown complexity. 

Lemma 1. A language L with pushdown complexity f{n) is in CFLth{f(n) + 
log n) . 



Sketch of proof: Take the grammar G = (V, S, P, S) obtained by the stan- 
dard construction in IEU7!H for the given pushdown automaton and build the 
equivalent grammar G' = {V\ E, P' , S) with V' = V \J {Ab\A,B S V} and 
P' = PG {A ^ AaA,Aa ^ AaAaIA g F} U {Ga ^ aBA\C ^ aB G 



P} U {Ga i-t a|C !->■ a A G P}. Words produced in a right recursion A 



* 



G' 



* * * 

wiA =$> W 1 W 2 A => ... => wiW 2 ---WkA can now be produced in any balanced 
G' G' G' 

way via A\A. Only parts of finite length and left recursions caused by the height 
on the pushdown store can not be balanced. 



Corollary 1. For f{n) > logn pushdown complexity and derivation tree height 
are the same and thus Theorem^in Section^and Theorem\^in Section^are 
an improvement of Theorem 6 in 



3 The Connection to Parallel Recognition 

With the method in EEHBI, context-free languages can be recognized by a 
CRCW-PRAM in 0{log{n)) steps. But this method needs n® processors, which 
makes it very inefficient. On the other hand the CYK-algorithm |KasH5| allows 
an easy parallelization on a CRCW-PRAM in linear time with processor^ 
This idea can be used to recognize languages in CFLth(/(n)) in time 0{f{n)) 
with processor^. This means that the derivation tree height corresponds 
to the running time of the following parallel algorithm. For every production 

A ^ BG and every infix uv in the input word, a processor writes a 1 to the 
* * * 
position for A uv if the positions for B u and C v have a 1. If 

* 

w G L GCFLth(/(n)), then S => w will have a 1 after 0(/(n)) steps. 

^ A more clever algorithm works on a CROW-PRAM in linear time with nf processors. 
® In most cases an improvement to processors is possible. 
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4 Closure Properties 

Theorem 1. CFLth(f) is an AFL and closed under reversal and substitution 
by other languages in CFLth(f) not containing X. 

Proof. For the closure properties union, product, *, intersection with regular lan- 
guages, reversal and substitution by other languages in CFLth(/) not containing 
A we can just take the standard construction in for context-free languages 

and observe that the tree-height is only increased by an constant factor. 

To build the grammar for h{L) for L £CFLth(/) and a non-erasing homo- 
morphism h, we simply replace every terminal letter a by h{a). 

(An erasing homomorphism h could make the word significantly shorter.) 

For the inverse homomorphism, a slight modification to the proof on page 
31 in EEZni is necessary. The problem is that there may be letters z with 
h{z) = A occurring in h~^{w), which are produced in by a linear part 

of the grammar, which could increase the tree height to linear. To prevent this, 
we need to insert the production w — >■ ujuj to P' in in order to be able to 

produce letters z with h{z) = A in binary trees which consume only logarithmic 
tree height. Furthermore we observe that the erasing homomorphism used for 
the construction of the inverse homomorphism in can decrease the length 

of the word only by a constant factor. 




Open problem: Is CFLth(/) closed under erasing homomorphisms? 

5 Bounded Languages Have Linear Derivation Tree Height 

Definition 3. \Gin6f^ 

A language L is bounded if L C wlvu^-.-w^ for Wi, € S* , m > 1. 

Theorem 2. No bounded non regular language is in CFLth{o(n)) . 

Proof. We first start to prove the theorem for 2-boundec0 languages. Since 
CFLth(o(n)) is an AFL we may assume w.l.o.g. L C a*b*. Let G be a context- 
free grammar for L. Consider all variables A,B,... which are produced on the 
left or right side in the path from S to the border between a’s and &’s. The words 
producible by such a variable are in a sub-language C a* U 6* which is regular. 

L C u!^W 2 for wi,W2 G S* 
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Let s be the product of of all lengths of minimal loop^ of the minimal determi- 
nistic automaton for all this languages. If L is not regular then there must be 
k,k' < s such that L' = LC\ (5^)* is not regular. Thus the semi-linear 

Parikh-image of L' must have a period incrementing a’s and b’s simultaneously. 
If L and thus L' cCFLth(o(n)), there must be infinite sub-languages on both 
sides. Then there is a word w € L' with an infinite sub-language on both si- 
des, which means (a®)*u>(6®)* C L', thus L' is regular in contradiction to the 
assumption. 



S 




Now consider an m-bounded language L C aJo 2 ...aJ^ and construct L' ana- 
logously. If the semi-linear Parikh-image of L' has a period incrementing all Oi’s 
simultaneously and if L and thus L' cCFLth(o(n)), there must be a word in 
L' with an infinite sub-language in every block, which means ■■■ 

(a^)*a^ C L' . Otherwise we have (of )*aj^ (a|)*a 2 ^ ...(a^)*a^ 0 L' = 0. In 
both cases the intersection with one of the languages a*...af...a^ must have the 
non-regular part, which means that the AFL generated by L and thus L' con- 
tains a TO — 1-bounded non-regular language, which leads to a contradiction by 
induction. 



Corollary 2. Every context-free language L generating an AFL containing a 
hounded non regular language is not in CFLth{o{n)). 

If we knew that every AFL generated by a non-regular unambiguous context- 
free language contains a non-regular bounded language, we could proof the fol- 
lowing: 

Conjecture Every unambiguous context-free non-regular language L is not in 
CFLth(o(n)). 

For a more general separation result as Theorem El we need the following 
definition: 

Definition 4. Let E he an alphabet and a ^ b two symbols. A language L is 
f{n) tail-bounded if for every w € E* and n € J\f with wab^ ^ L it holds 
n= f{\wa\). 

® A loop of the automaton reading the same input symbol, where every state occurs 
only once 
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Lemma 2. No f{n) tail-hounded non regular language is in CFLth(p{f(n))) 

Proof. Assume by the contrary G to be a context-free grammar w.l.o.g. for a 
language L C S*ah* . Consider all variables which are produced on the right side 
in the path from S' to a in the derivation tree. The words producible by such a 
variable form regular sub-languages in b* . Let s be the product of all lengths of 
minimal loops of the minimal deterministic automaton for all these languages. If 
L is not regular then there must be a fc < s such that L' = LC\E*ah^{N)* is not 
regular. If L and thus L' £CFLth(o(n)), there must be an infinite sub-language 
of 6’s occur on every but finitely many paths. Thus there are only finitely many 
wab'^ ^ L' (having wab"'~^ G L' produced by one of the finitely many paths). 
Thus L is CO- finite in contradiction to the assumption. 



6 Parallelizable Non Regular Languages 



There are non-regular languages in CFLth(o(n)): 

Example jHoahTj : Let L be the set of non-prefixes of the infinite word w = 

babafbafb a^b.... Then L GCFLth(-yn) by the following grammar: 

{S' — >■ RABabR\RABab\RbBAaR\baAR\bbR\babbR\babaaAR\AR, 

A — )> AA\a, R — >■ RR\a\h, B — )> aBa\b} 

The variable R produces any string with logarithmic tree height. The variable 
B produces {a'^baA \ n G M} thus ABab produces {a'^ba'^b \ n> m € Af}, which 
can not occur in w and bBAa produces {ba^ba^ | m > n -I- 1 G Af}, which also 
can not occur in w. Thus a word in L can be produced making use of the first 
’error’ in respect to w, which is illustrated in the following picture: 



S 




For a word in L we consider the derivation using the first position where a 
block has length k and the following block has not the length fc -|- 1. Thus we 

k 

can estimate the length n of the word hy n> ^ z which means k G 
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We now improve this by constructing an example with the smallest possible 
derivation tree height and hereby disprove the conjecture in |Hra81ICM78| . There 
are non-regular languages in CFLth(log): 

Example: Let L be the set of non-prefixes of the infinite word 
w = 60al&10all6100al016110alll6...allll000015100010000a...66fca6f+i&..., 
where bk S {0, 1}* is the binary representation of k. It holds L sCFLth(log(n)) 
by a grammar which produces words containing an ’error’-part showing that the 
word is not prefix of w; this may be some part ab^bv^a or bb^avb with v ^ bk+i or 
some other syntactic ’error’. Since the length of the binary representations grow 
only logarithmically until an ’error’ occurs, the tree-height is also logarithmic 
like the following picture shows: „ 




As an important tool we use a generalization of the representation of a counter 
to define context-free complement constructible functions. 

Definition 5. A function f : Af ^ Af is called context-free complement con- 
structible (ccc), if there is an infinite sequence Cq,Ci,... of words called context- 
free complement construction over an alphabet Sf with \ck\ = f{k), such that 
the complement of G Af} is context-free. 

The following property of ccc functions will help us to establish the strictness 
and denseness of the hierarchy: 

Theorem 3. For all functions g : Af ^ Af with log < g < lin such that there 
is a ccc function f : Af ^ Af with g(f^\-i /(*)) = f{k) for all k, there are 
languages in CFLfh{g{n))\CFLth{o{g{n))). 

Proof. Let L be the set of non-prefixes of the infinite word 
u = bcoacf^bc 2 ac§ ...ac^_ibcna..., with (ci) being the context-free complement 
construction for / with a,b ^ Sf. Then L sCFLth(g(n)) by a grammar which 
works as the picture shows: 
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s 




The grammar produces at the beginning and at the end some rest with a 
binary tree and in the middle it produces either b{ckaw^\k G Af,Ck+i ^ w G 
S*}b according to Definition^or a{cj}bw\k G TV, Cfc+i ^ w G S*}a analogously. 
We may assume w.l.o.g. that the first part of the word until Ck is a prefix of u 
since we could choose an earlier Ck otherwise. Therefore the length of the word 

k 

is n> /(*) the height g{n) = f{k) is sufficient. 

i=l 

Let L' := Lb* U (17/ U {a, b})*ab* U (17/ U {a, b})*b{vab^ \ v G , n ^ \v\} . 
Every word wab'^ G (17/ U {a, b})*ab* is in Lb* unless wa is a prefix of it; in this 
case wab^ is in L' iff the length of the last counter representation in w is not 
equal to n, which can be tested within tree-height g(|u;a|) thus L' GCFLth(g(n)). 
The only possibility for wab^ not to be in L' is n = g'(|u;a|) for & g' G 0{g), 
which means L' is g'{n) tail-bounded. Because of Lemma 0 L' can not be in 
CFLth(o(g'(n))) =CFLth(o(g(n))). 



Lemma 3. 1, 2” and log are ccc. If / and g are ccc, then also f + g and f * g 
and the functions e, h with e(n) = X)r=i /(*) h~^{n) = 

Proof. Let ci/ = 1, C 2 'i,t = and ciog/ = bin{i). Assume w.l.o.g. A/ fl Ag = 0 
and d ^ Sf U Sg. 

Let Ef+g = EfUEg, Cf+g^i := Cf^iCg^i. The complement of {cf+g^k$cf_^_gJ._^_^ \ 
n G TV"} is {c/+g_fcaur^|fc G Af,Cf+g^k+i ^ w G E*}b and can be generated by 
generating at least one counter wrongly. 

Let T'/*g := 27/ X Sg with the canonical projections tti and tt2 and Cf^g^i := w 
with 7ri(ic) = C/®’*' and 712 ( 11 ') = h{cg^i) with h{a) := and the complement 

of {c/*g,fe$C/^g fc+i|n G TV} can be generated analogously. 

Let 27e = Sh = 27/ U {d} Ce,i '■= Cf^i and the complement of 

{ce^k^cf G TV} can be generated by either generating a wrong c//_|_i or not 
adding |c//| correctly to the number of d’s. 
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The last transformation enables building roots of functions (log is fixed point 
of the transformation); the idea to construct the counter is to keep a size h(i) 
and simulate the counter c/j- for / inside by Ch,i = where the rest is filled 

with d's. This is done until the size is not anymore sufficient, then the space is 
incremented an the simulated counter for / is started from 0 again. Formally 



this is Ch,i+i ■■= 



f d\ch,i\+i l°/.olcj g if f(j -I- 1) > h{i) 
else 



Lemma El shows that all polynomials with rational coefficient and its mul- 
tiplications with poly-logarithms are ccc. For / ranging from logarithmic to 
very big polynomials, the function g with ff(X]^=i/(*)) ~ /(^) ranges from 
logarithmic towards linear. If g{n) is a polynomial with q > p then a ccc 

function f{n) G fulfills the condition f{i)) = /(^) and Theo- 

rem El can be applied. If g{n) is a polylogarithmic function log^^^ n, we do not 
know how to find an appropriate function / to apply Theorem El directly. Howe- 
ver, if we set /(n) = log^'^'^n, the obtained function g{n) can be estimated by 
log(p/9)“® ^ < log^^'^ n for every e > 0 thus Theorem El can separate any 

CFLth(log’') from CFLth(log’’ ) with r < r' . Since the ccc functions / are dense, 
also the obtained functions g are dense between between log and lin; therefor we 
get: 

Conclusion: The parallel context-free derivation hierarchy is strict and dense 
between CFLth(log) and CFLth(lin)=CFL. 

Remark: It is easy to see (but difficult to express formally) that any nontrivial 
decision problem, where it has to be decided for a given grammar for a langu- 
age L in CFLth(gf'(n)) whether L is in CFLth(g(n)), is undecidable (provided 
corresponding ccc function /, /' exist) since counter representations could also 
contain configurations of Turing machines and the behavior of the length can 
change if an accepting configuration is reached. 

Acknowledgment: We thank H. Fernau and K.-J. Lange for helpful remarks. 
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Abstract. Generalized synchronization languages are a model used to 
describe the behaviors of distributed applications whose synchronization 
constraints are expressed by generalized synchronization expressions — 
an extension of synchronization expressions. Generalized synchronization 
languages were conjectured by Salomaa and Yu to be characterized by a 
semi-commutation. We show that this semi-commutation characterizes 
the images of generalized synchronization languages by a morphism-like 
class of rational functions. 

Topics. Automata and formal languages, theory of parallel and distri- 
buted computation. 



1 Introduction 

Generalized synchronization languages, introduced in cni, are regular langua- 
ges which correspond to generalized synchronization expressions, an extension 
of the synchronization expressions introduced by Govindarajan, Guo, Yu and 
Wang in within the framework of the ParC project. These expressions al- 
low a programmer to express minimal synchronization constraints of a program 
in a distributed context. A synchronization language can be seen as the set of 
correct executions of a distributed application where each action is split in two 
atomic actions, its start and its termination. In this sense, synchronization lan- 
guages take place in interleaving semantics (see [11| for a comparison between 
interleaving semantics and non-interleaving semantics) with split of actions 1121 . 

Salomaa and Yu conjectured in mu that the family of generalized synchro- 
nization languages coincides with the family of regular st-languages, closed under 
a particular semi-commutation function named 6. Such a characterization may 
improve the space efficiency of the implementation of synchronization expressi- 
ons. Moreover, as it is possible to decide whether a regular language is closed 
under a semi-commutation, the use of 9 would give a decidable characteriza- 
tion of generalized synchronization languages. At last, we have to point out that 
generalized synchronization languages belong to a family for which the closure 
under 9 is computable using Mtivier’s semi-algorithm introduced in 

Salomaa and Yu have shown in m that their conjecture holds for finite 
languages but it seems to be very difficult to extend this result to the general 
case and, in fact, we think that this conjecture does not hold. Nevertheless, we 
show that the semi-commutation given by Salomaa and Yu allows to characterize 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 451-^^^ 1999. 

© Springer- Verlag Berlin Heidelberg 1999 
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the family of the images of generalized synchronization languages by a morphism- 
like class of rational functions — called st-morphisms. This result establishes a 
strong link between generalized synchronization languages and languages closed 
under Q. Moreover, it reduces the conjecture of Salomaa and Yu to the question: 
’’are the generalized synchronization languages closed under st-morphisms ?” 

2 Preliminaries 

In the following, we shall denote by alph(u) the alphabet of a word u and by Uy 
the projection onto the sub-alphabet Y , i.e. the morphism defined by: for each 
letter x, ii x & Y then IIy{x) = x, else IIy{x) = e, where e denotes the empty 
word. 

The shujfle of two words u and v belonging to S* is 

U i±j V = {uiViU2V2---UnVn \ Ui G Y*,Vi G S*,U = UiU2...Un,V = ViV2---Vn} 

We denote by © the exclusive ”or”. 

We just recall the definition of semi-commutations and partial commutations: 



Definition 1. A semi-commutation relation defined over an alphabet S is an 
irreflexive relation included in Y x Y. With such a relation 9, we associate a 
rewriting system, that we will denote by Sg, defined by: Sg = {xy — > yx \ 
(x,y) G 6}. When the semi- commutation is symmetrical, it is named partial 
commutation and the associated rewriting system is defined by Sg = {xy < — > 
yx I {x,y) G 9} (for more details, see ^). 

For a semi-commutation or a partial commutation 9 defined over an alphabet 
Y, we denote by fe(u) the set of words which can be obtained applying rules of 
Sg to the word u of Y* and we say that fg{u) is the closure under 9 of u. We 
extend this definition to languages: VL C Y* ,ig{L) = UueL^®(''^)- 

3 Generalized Synchronization Languages 

Generalized synchronization expressions allow a programmer to express the syn- 
chronization constraints his distributed application has to respect. The state- 
ments are tagged and, during the execution, a statement can be executed imme- 
diately if it satisfies the constraints described by the expression, if it does not, 
the execution is delayed. 

A generalized synchronization expression may be: 

— a statement tag or e for no action, 

— if ei and 62 are synchronization expressions: 

• (ei — >■ 62) which imposes that the execution of 62 starts only after the 
end of the execution of Ci, 

• (ei I 62) which specifies that either ei or 62 can be executed but not 
both. 
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• (ei II 62) which allows the executions of ci and 62 to overlap. Auto- 
concurrence is not allowed, so expressions like a || a means a — >■ a, 

• (ei&e2) which imposes that the execution satisfies both expressions 
and 62, 

• (e^) which allows the execution of ei to be repeated an arbitrary number 
of times. 

With each generalized synchronization expression, we associate a language 
whose words represent the possible executions with respect to the expression. 
Hence, the words of the languages are traces in which each action is represented 
by two instantaneous events, its start and its termination. So, from an expression 
e over E, we construct L{e) C (Eg U Ej)* which is an st-language: 

Definition 2 . Let H be a finite alphabet. The alphabets Eg and E( are defined 
by the relation: 

(o G E) 44 - (og G Eg) {at G E(). 

A word u G (Eg UE()* is an st-word if and only if for each a: G E, G 

(xgXt)*. We extend this definition in a canonical way to languages. We denote 
by STs the set of st-words over the alphabet Eg U Ej. An st-primitive word is a 
non-empty word which has no proper left st- factor. The st-primitive factors of 
an st-word u are the st-primitive words Ui, . . . , such that u = Ui . . . it„. An 
st-word u is a sequence if u belongs to (Ua;gE 

Definition 3 . Let E be an alphabet of actions (or tags). The generalized syn- 
chronization language L{e) C (Eg U E()* associated with an expression e over E 
is inductively defined by: 

— L{e) = e, 

— for each action a, L{a) = OgOt, 

— z/e = ei — >■ 62 then L{e) = L{ei).L{e2), 

— if e = e\ \ C2 then L{e) = L{e\) U L{e2), 

— if e = 61&62 then L{e) = L{ei) fl L{e2), 

— if e = Cl II 62 then L{e) = {L{e\) m L{e2)) H STe, 

— if e = el then L{e) = {L{e\))* . 

We denote by SLg the family of generalized synchronization languages. 

By construction, generalized synchronization languages are clearly regular 
languages. Moreover, as we use an intersection after computing the shuffle pro- 
duct, generalized synchronization languages are st-languages. Note also that any 
regular set of sequences is clearly a generalized synchronization language asso- 
ciated with a generalized synchronization expression using regular operations — 

I and *. 

Salomaa and Yu m have defined the semi-commutation 9 in order to cha- 
racterize generalized synchronization languages and they have shown that the 
closure under 9 s of any regular st-language over E is regular. 
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Definition 4. Let S be an alphabet of actions. The semi- commutation By, is 
defined by: 

x=/ty 

We denote by the family of regular st-languages closed under 9. 

Example 1. Let S = {a,b} and u = asbgatbt. For example, the word bsttsatht 
belongs to ie^{u). It is clear that a left factor Ogbs means that a and b are 
executed in parallel so, it is allowed to start b before a: we can start with bsOs- 
The word asOtbsht also belongs to fgj, (u). Intuitively, we are allowed to use a rule 
bsOt — > atbs because it is not forbidden to execute a and b in sequence when it 
is allowed to execute them concurrently. 

Theorem 1 (Salomaa and Yu Any generalized synchronization langu- 

age over Eg U E( is closed under 9y- 

Conjecture 1 (Salomaa and Yu m)- An arbitrary regular st-language over SgU 
St closed under 9y is a generalized synchronization language. 

This conjecture is shown to be true in the case of finite languages in m 
but, in the conclusion of their paper Salomaa and Yu say that the proof of this 
conjecture may be very difficult because of the fact that, even for a simple langu- 
age, the associated generalized synchronization expression have little structural 
resemblance to the language (for example fg^a,b}{o,s{bsatasbt)*at) is associated 
with ((a — >■ b)* — >■ a) || (a || b)*). 

We believe this conjecture does not hold and we work on the following pos- 
sible counter-example: ie{a,b}{o,sbs{btbs{atas)~^btbs)*atbt). All the same, we will 
show that the family of the images of generalized synchronization languages by 
a subclass of rational functions called st-morphisms has the good properties of 
closure. 

Definition 5. Let E and X be two alphabets of actions. A strictly alphabetical 
morphism from E* into X* is called action morphism. With an action morphism 
ip from E* into X*, we associate a morphism (p from (Eg UEj)* into (Xg UX()* 
by .Vo S E*, (^(og) = <^(a)s and ip{at) = <p(a)t. When there will be no ambiguity, 
we shall denote by ip in the sequel the action morphism ip and the corresponding 
morphism ip. With each action morphism ip from E* into X*, we associate a 
morphism-like rational function ip : 

ip = {{u,ip{u)) I u G STs and ip{u) G STx}. 

Note that ip is equal to (flSTx) o ip o (flSTs). We name these functions st- 
morphisms, and we denote by d>gt the st-morphisms family. 

The aim of this paper is to show the equality Rg = d)st(SLG). In order 
to obtain the inclusion R^i C <I>st(SLG), we will define a coloring such that 
each regular st-language closed under 9 is the image by an st-morphism of a 
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regular colored st-language closed under a partial commutation. After that, using 
properties of partial commutations, asynchronous automata and some results 
about mixed product, we will show that the colored st-language is the image of 
a generalized synchronization language by an st-morphism. The proofs of these 
results are not immediate and use a lot of tools. For lack of space, we will only 
explain the reasoning and give ideas of the proofs. 

4 The Coloring 

The aim of this section is to get the first step of our construction: we will show 
that we can use a coloring and a partial commutation to compute the closure 
under 6 . We will first show the idea of the coloring with an example. We have 
to keep in mind that, when we consider two st-words ui and U2 defined over an 
alphabet of actions S, we have fg^{ui.U2) = Ig^{u2) (see fOl)- So, let us 

consider an alphabet of two actions S = {a, b} and a word u = agbsatbibsht- We 
have: 



fss (w) = {asbsatbt, bsUsatbt, Qsbsbtat, bsashat, agatbsbt, bsbtasat}.{bsbt}. 



We will use “colors” (here some subscripts) in order to mark some dependent 
actions. First, as the letters of two consecutive st-primitive factors can never 
be mixed, we color alternatively the st-primitive factors with two disjoint sets 
of colors and we forbid actions whose colors do not belong to the same set to 
commute. Second, in an st-primitive factor, some actions are in sequence so, we 
will bring out some sequences with colors and actions which have the same color 
will not be allowed to commute. For example, the word v = ais^'2saii^2t^5s&5i 
is a coloring of u which satisfies these conditions. So now, instead of the semi- 
commutation, we can use the partial commutation: 

Q = {(Ols, &2s)) (ois, b 2 t), (oit, 62s), (oit, &2t)}, 



and we obtain: 

fe('^) = { 0'isb2sa,itb2t,b2saisaitb2t,0'isb2sb2tait, 

^2sOls^2taitj aisait^2s^2tj ^2s^2taisait}-{^5s^5t}- 

With a partial commutation, we loose the non-symmetry. The use of the coloring 
makes up for this lost of power because the coloring contains some informations 
about dependence of actions. If the morphism ip removes colors, it is easy to see 
that fej,(M) = </^(fe(^^))- 

This simple idea can be extended to the general case. To color a word u, it 
suffices to add to each of its letters a set of colors. The set associated with an 
occurrence of letter is the union of the sets it would have received in the coloring 
of each projection over an alphabet of two actions of the word u. 

Definition 6. Let S be an alphabet of actions. With each pair of distinct actions 
a and b ofTi, we associate two disjoint sets of three colors denoted by imd 
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C{a,&} such that C{o,6}> G^a,b}> ^{c,d} C{c,d} pairwise disjoint when 
{a, 5} jtz {c,d}. Let Sc he the colored alphabet corresponding with E; 

Sc = {(a;, E) \ X G 'S,E j- U C{a_2;}), 

a^x 

X,Er\ C^a,x} = 0 © -E n C{a,a:} = 0 }- 

Notation 2 In order to simplify the use of letters of Scs U Set, we will write 
(as,E) instead of {a,E)s and, for each action a ofE, we denote 

a{as) = a{at) = a{{as, E)) = a((at, E)) = a. 

To come back to the initial alphabet, we have to “remove” colors, this can be 
done using a strictly alphabetical morphism. 

Definition 7. Let E be an alphabet of actions. The strictly alphabetical mor- 
phism <py, which removes colors is defined by: 

T's ■ (Scs U Scf)* > (Eg U S()* 

{x, E) I — > X. 

Now, we are able to define the coloring that we will use until the end of this 
section. As we have already said, this coloring is the merging of the colorings of 
projections over sub-alphabets of two actions so, we will first define the coloring 
of st-primitive words over sub-alphabets of two actions. 

Definition 8. Let E = {a, b} be an alphabet of actions. The language Pab, given 
by Figure^ contains all the st-primitive words overE colored with the set 
The language P{o,&} is obtained in the same way using C{c.h}- 

Let us remark some essential properties of this coloring. Each of them can be 
easily verified on the automaton. These properties are given for Pab but they 
also hold for 

Property 1. 

a - The language Pab is an st-language and V^{a.h}(Pah) is the set of st-primitive 
words over {a,b}. 

b - For a given color, the projection of Pab onto the sub-alphabet containing all 
the letters which possess this color is a sequence, 
c - Let (at,E) and (bs,F) be two letters of alph(Pab)- If u is an st-word of Pab 
in the form u = u\{at,E)u 2 {bs,E)uz with E C\ E = % then, U 2 contains a 
sub-word (as,G){at,G) with GflF 0 or a sub-word {bs,G){bt,G) with 
GnEy^0. 

With the two languages we have presented, we can define the rational function 
we use to color the words of a language according to the colorings of their 
projections over sub-alphabets of two actions. 
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The subscripts 1, 2 and 3 represent the colors of the set C{a,6}- The langu- 
age recognized by this automaton is called Paf,. It suffices to replace the colors 
1, 2 and 3 by respectively by 4, 5 and 6 (representing the colors of the set 
C{a,6}) to obtain Pab- 



Fig. 1. The language Pa6 
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Definition 9. Let S he an alphabet of actions. For each sub-alphabet of two 
actions X = {a, b} C S, we denote by ipab the alphabetical morphism: 

ifab ■■ (Scs U Set)* ^ (Xcs U Xet)* 

{x, E) I — (x, E n (Cx u Cx)) if a{x) e X 
(x, E) I — > e otherwise. 

The rational function ty, which colors words of S* is defined by: 

TY = { f’ab ii^abPab) (Pab U {e}))) O . 

Let us remark that for an alphabet of two actions E = {a, b}, we simply color 
alternatively the st-primitive factors according to Pab and Pab, so we obtain: 

■^{a,b} = (Ll(Pab-Pab) (Pab U {ff})) O T^a,b}' 

At last, we can define the partial commutation we will use. This partial com- 
mutation is strongly connected with the coloring we have chosen. For example, 
let us consider two letters (at,E) and (bs,F). In order to decide whether these 
two letters are independent or not, it suffices to look at the colors associated with 
the sub-alphabet {a, b}. If E is not disjoint from and F not disjoint from 

C{a b}i we know that these two letters do not belong to the same st-primitive 
factor so, they are dependent. Otherwise, since we use the colors to bring out 
some sequences, when E and F are not disjoint, these two letters belong to a 
sequence and are dependent. In the other cases, we allow the commutation. So, 
we obtain the following partial commutation: 

Definition 10. Let Sc be a colored alphabet. The partial commutation qy is 
defined by: 



{{{x,E),{y,F)) e py) ^ ((x,h) e or (y,x) £ 9y) 

and {{E U F) O C[a{x),a{v)} = ® or {EUE)n C{„(x).a(y)} = 0) 

and E 0 E 0 (C|c^^ 3 ,yct^y^} U C|cK(a;),a(y)}) ~ 0)- 

From now on, we will use the coloring, the partial commutation and the mor- 
phism ifiY to compute the closure under 9y of an st-language just as shown in 
the example at the beginning of this section. 

Proposition 1. Let L be an st-language over Sg U S(. We have: 

ie^{L) = V3s(fes(T-s(A))). 

The proof of this proposition contains two steps. First, we show the result over 
an alphabet of two actions and, more precisely, we can restrict us to st-primitive 
words. In this case, we use an induction on the length of the derivation and 
the properties of ty. Second, we use the Projection Lemma for partial commu- 
tation j2j and the notion of image of a semi-commutation by an alphabetical 
substitution |5I. 
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5 Relation between Rg and $st(SLG) 

The second step of the construction consists in showing that, for a regular st- 
language L, the language belongs to d)st(SLG). In order to do this, 

we will use asynchronous automata since, fortunately, we only obtain regular 
languages: 

Lemma 1. Let L be a regular st-language. The language fg(r(L)) is a regular 
language. 

The proof of this lemma is a direct consequence of Metivier’s Theorem |Z] 
and of the properties of the coloring. 

As we have regular languages, we will be able to use asynchronous automata 
m and mixed product. The definition of mixed product we will recall is the one 
given by Duboc in [^, this definition is a little bit different from the first one 
introduced by De Simone |5|. 

Definition 11 (Duboc j^). Let X and S be two alphabets and L and M be 
two languages respectively over X* and S* . The mixed product of L and M in 
X and S is the set L m M defined by: 

L m M = {u e (X U S)* I 7Tx(u) £ L and n^{u) £ M}. 

Clearly, the mixed product is associative. We can easily show the following 
lemma using intersection and shuffle product to compute mixed product: 

Lemma 2. The mixed product in Eis U U of n generalized 

synchronization languages is a generalized synchronization language. 

Our main result is based on the link between asynchronous automata and mi- 
xed product established by Duboc. We first recall the definition of this class of 
automata. Each state of a deterministic asynchronous automaton (DAA), is a 
vector of local components. Each letter can only read and modify a subset of the 
components which are its associated components. 

Definition 12 (Zielonka A DAA - deterministic asynchronous auto- 

maton - A over the alphabets (Ei, . . . , E„) is a tuple 

A= ((Ei,...,E„), Q.^A,qi,F) 

Ki<n 



such that: 

— (El, . . . , E„) is a n-tuple of alphabets, E = Ui<i<n ^^6 alphabet of A, 

— the global states set Qi *■5 ® direct product of local states sets Qi for 

1 < i < n, 

— qi is the (global) initial state and F the set of (global) final states; 

— the domain of a letter a£E jsJa = {l<z<n|a£ E^}, 
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— the transition function 6 is defined hy the partial functions. For each letter 
a, the partial function 5a is a set of transitions labelled by a: 

Sa C (0 Q*) X a X (0 Q,), 
ielcL i&Ia 

and for each q G Qi> there exists at most one q' G Qi such that 

{q, a, q') G 5a- The function 5 is defined by: ((qi, . . . , q„), a, (q{, . . . , q^)) G 5 
if and only if the partial transition (((qi)i^i^), a, {{q^ieia)) belongs to Sa and 
for each i ^ 4, qi = q[. 

Two letters which are associated with disjoint subsets of components are inde- 
pendent. So, each DAA leads to a partial commutation and, by construction, a 
DAA recognizes a language closed under this partial commutation. Now, we will 
briefly explain our construction. 

Proposition 2. Let L be an st-language over the alphabet of actions E. Let 
El , . . . , included in E be such that for each i, i7s (-^) ts a set of sequen- 
ces. If L is recognized by a DAA over (Ei^ U Ek), . . . , (E„s U E„() then L is the 
image by an st-morphism of a generalized synchronization language. 

Sketch of proof 1 The proof of this proposition is based on a result due to Du- 
boc 0/.- each language recognized by a DAA is the image by a strictly alphabetical 
morphism of a language recognized by a deterministic loosly cooperating auto- 
maton (DLCA). A DLCA is a DAA with a stronger condition: the function 6 is 
defined by the local transition functions 5i Q Qi x Tii x Qi, for each index i. A 
transition {{qi , . . . , qn),x, {q[, . . . , q'^)) belongs to 5 if and only if for each i ^ Ix, 
qi = q[ and if for each i G Ix, (qi,x,qi) G Si. 

Duboc gives a method to build a DLCA corresponding to a given DAA, we 
will use the same idea but we cannot use the same construction because it does 
not suit to st-languages. 

Let us denote by A= ((Ei, . . . , E„), (^i<i<„ Qi, S, qi, F), a DAA recognizing 
L whose states are both accessible and coaccessible. Since L is an st-language and 
since the languages defined by the projections over the components are sequences, 
we know that between an ”us ” and the corresponding ”at ”, no letter can have 
an effect on the state components seen by a. So, for each letter a of E, for each 
transition of Sat, have such a scheme: 




Now, we will convert A into a DLCA A! recognizing an st-language whose image 
by an st-morphism is L. We will rename the transitions in order that each label 
appears only on one transition of the partial transition function (this implies 
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that we have a DLCA) but also in order to get an st-language. For each tran- 
sition labelled by a termination of action (in the previous scheme at), we name 
the action according to the states it depends on (here we obtain new actions 
®( 9 i, 9 h 9 ")’ ■ ■ ■ ’ ^{gk,q',q")) introduce new local states in the domain of this 

action (here ni, . . . ,Uk)- We obtain: 




The automaton A' is a DLCA over new alphabets (Xi,...,X„). Moreover, 
since the first partial state qi and the last partial state q" are not changed, it is 
easy to see that L is the image by an action morphism of the language M reco- 
gnized by A! and, since L and M are st-languages, L is the image of M by an 
st-morphism. According to Duboc Wit the language M, recognized by Af , is the 
union of mixed products of regular languages, each of them being included in the 
projection of M onto a sub-alphabet X^. By definition, for each i, T[-Si,u'Sit{L) 
is a set of sequences and the property is preserved by the construction: the pro- 
jections of M over the alphabets Xis U Xu, . . . , X„s U X„t are sequences so they 
belong to SLq- Since SLq is closed under union and mixed product (Lemma\2) , 
M belongs to SLq- 



Proposition 3. The family of regular st-languages closed under 9 is equal to 
the family of the images by st-morphisms of all the generalized synchronization 
languages : Re = <i>st(SLG). 

Proof. The inclusion of <i>st(SLG) in Re has been shown in [0|. Let L be a regular 
st-language over U Sj closed under ds- According to Proposition □] we have 
the equality L = V5s(fes (te(L)))- Furthermore, by construction, 
is equal to (p^{fg^{TY:{L))) . From Lemma D is regular, according to 

Zielonka’s theorem m, the language fgj,(rs(L)) is recognized by a DAA on 
maximal cliques and according to this DAA can be converted in a DAA on a 
covering by cliques that we choose. The coloring is built such that if we consider 
the cliques (Sig U S^), . . . , (S„s U defined by: 

VI < i < n. Si = {(a;, E), {y, F) \ a(x) = a(y) or 
(E n = 0 © A n = 0) or £; n F n u ^ 0}, 

we obtain a covering by cliques of the alphabet of t^{L) such that the pro- 
jection of fg^{T^{L)) over each clique is a sequence. According to Proposition 
M fes('rs(L)) is the image by an st-morphism of a generalized synchronization 
language. Since the composition of two st-morphisms is an st-morphism [^, L 
belongs to $st(SLG). 
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6 Conclusion 

The family <j)st(SLG) = Re has the properties of closure that we wanted and it 
seems reasonable, in a practical point of view to accept the renaming of actions. 
So, this family seems to be the good one. 

The conjecture of Salomaa and Yu is still open but it is now reduced to a 
classical problem of formal languages theory : the equality of the families SLg 
and $st(SLG). 
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Abstract. Dijkstra’s predicate transformer calculus in its extended 
form gives an axiomatic semantics to program specifications including 
partiality and recursion. However, even the classical theory is based on 
infinitary first order logic which is needed to guarantee the existence of 
predicate transformers for weakest (liberal) preconditions. This theory 
can be generalized to higher-order intuitionistic logic. 

Such logics can be interpreted in topoi. Then each topos E canonically 
corresponds to a definitionally complete theory T such that E is equiv- 
alent to the topos 1E(T) of definable types over T. Furthermore, each 
model of T in an arbitrary topos F canonically corresponds to a logical 
morphism 1E(T) — ^ F. 

This correspondence enables the definition of a type specification disci- 
pline with a semantics based on topoi such that the predicate transform- 
ers in the associated logic give an axiomatic semantics for typed program 
specifications. 



1 Motivation 

The semantics of programs and program specifications can be defined axiomat- 
ically in Dijkstra’s calculus [6, 16]. Given a program (specification) S two pred- 
icate transformers wlp{S) and wp{S), i.e. mappings from formulae to formulae 
of a given logic C, are associated with S with the following informal meaning: 

— wlp{S){TZ) characterizes those initial states such that all terminating execu- 
tions of S will reach a final state characterized by TZ, and 

— wp{S) (TZ) characterizes those initial states such that all executions of S 
terminate and will reach a final state characterized by TZ. 

It has been shown in [16] that partial programs that are not defined on all 
initial states and recursive programs are comprised by this kind of semantics 
definition. Moreover, it has been shown that any pair of predicate transformers 
satisfying the pairing condition and universal conjunctivity corresponds to some 
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program specification. Predicate transformers are usefull for proving properties 
of program specification [5]. 

Dijkstra’s calculus is usually introduced in companion with guarded com- 
mands, but its application area is much more general. However, the existence of 
predicate transformers in C has to be guaranteed in any case. The classical the- 
ory uses infinitary first-order logic^. If we assume that the logic is interpreted in 
a structure St satisfying the domain closure property, then for each state cr, i.e. 
a variable assignment especially for the finitely many program variables used in 
the specification S, a characterizing predicate Va exists, i.e. we have 'Pt 

iff T = (T holds. From this the existence proof can be derived quite easily. 

A disadvantage of the classical theory is that program variables as variables 
in C are untyped. The simplest generalization would be to use a many-sorted 
infinitary logic, but in this case a type would be just a sort in L interpreted by 
a set. This is not in accordance with any established approach to type theory 
in computer science [7,9,15,23]. In particular, it can be hardly combined with 
approaches to type theory based on A-calculi [4, 15, 17]. 

Fortunately, is not the only logic that assures the existence of predicate 
transformers as a basis for axiomatic semantics. An alternative is higher-order 
intuitionistic logic [8] or infinitary coherent logic [12]. The existence proof for 
predicate transformers in these logics is analogous to the classical case. 

The main advantage is the close connection of these logics to the theory of 
topoi [2, 3, 8, 10, 11, 14]. Here, we consider the higher-order logic of Fourman and 
Scott [8,22]. Each theory T of such a logic defines a topos 1E(T) of definable 
types. Conversely, each topos E defines a higher-order language C{E) and a 
canonical definitionally complete theory T{E) with E = IE(T(A)). In particular, 
when given a topos A, the semantics of typed program specifications can be 
defined by predicate transformers in C{E). These results will be briefly presented 
in the next sections. 

The theory can be applied to formal specifications with types. In this case 
proof obligations for static and dynamic consistency and the theory of consis- 
tency enforcement [21] can be generalized [18]. Another application considers 
the extension of object oriented database theory [19] to the case of dynamics in 
the data, in which case the polymorphic A-calculus is chosen as the underlying 
type system [20]. 

Throughout the text, we assume some familiarity with basic notions of cat- 
egory theory [1, 13]. Furthermore, topos theory [2, 11, 14] and its connection to 
logic [3, 8, 10] must also be presupposed. 

2 The Classical Calculus 

This section gives a brief review of Dijkstra’s classical calculus [6, 16]. Assume 
that S' is a program specification and that X is the finite set of variables occurring 

^ It is also possible to use first order logic for arithmetic, but this alternative will not 
be considered here 
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in S. We usually call X a state space. If D is a set of values, then a state is simply 
a variable assignment a : X ^ D. Let E be the set of all such states. 

Then the meaning of S can be given by a subset A{S) C E x T’Uloo}, where 
(i7, r) G ^{S) means that starting S in the initial state a, may lead to the final 
state T and oo represents non-termination. This description does not depend 
on the style of the specification S. Of course, this trivial semantics description 
comprises non-determinism and partiality. 

Now consider an infinitary logic C with an equality predicate =. Regard 
formulae TZ with free variables in X. These are called X-predicates. Let tF{X) 
be the set of all X-predicates. Let St = (D,u) be a fixed structure for the 
interpretation of C with semantic domain D and assume that St satisfies the 
domain closure property, i.e. for each d G D there is some closed term t G T (£) 
with Lo{t) = d. Obviously, a state a is sufficient to interpret an X-predicate. 
Write \=a TZ if interpreting TZ in state a yields true. Now define two mappings 
wlp{S) and wp{S) on equivalence classes of X-predicates. 

\=a wlp{S){TZ) iff {a, t) G A{S) A T ^ 00 ^\=T TZ and (1) 
1=0- wp{S){TZ) iff (ct, r) G A{S) ^ t ^ ooA |=r TZ . (2) 

we call w{l)p{S){TZ) the weakest (liberal) precondition of S for the postcondition 
TZ. Note that this definition precisely formalizes the informal meaning of wlp{S) 
and wp{S). Moreover, the predicate transformers are uniquely determined by 
A{S) up to equivalence. 

Theorem 1. For a given program specification S the predicate transformers 
wlp{S) and wp{S) exist. Moreover, they satisfy 

wp{S){TZ) ^ wlp{S){TZ) A wp{S){true) (pairing condition) (3) 

and 

wlp{S){^TZi) 4A ^wlp{S){TZi) (universal conjunctivity) . (4) 

iOl iOl 

The following inversion theorem shows that universal conjunctivity and the pair- 
ing condition already suffice to find a specification S with corresponding predi- 
cate transformers. For this recall that the dual f* of a predicate transformer / 
is defined as f*{TZ) = -^f{~^TZ). 

Theorem 2. Let flp and fp be predicate transformers satisfying (3) and (4) 
in place of wlp{S) and wp{S). Then for a program specification S with 

A{S) = {{a,T) IK flp*{'Pr)}Ll{{a,oo) \\=„ fp*{ false)} 

wlp[S){TZ) AA flp{TZ) and vup{S){TZ) AA fp[TZ). 

In [16] recursion has been investigated with respect to the order C defined by 
5 E T iff wlp{T)fiJZ) ^ wlp{S){TZ) and wp{S){TZ) => wp{T){TZ) hold for all 
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X-predicates Ti. Therefore, for monotonic / with respect to C the program 
specification T = fiS.f{S) can be defined as a least fixpoint and wlp{T) (resp. 
wp{T)) is defined by conjunction (disjunction). 

It is well known how to define the axiomatic semantics of guarded commands 
using predicate transformers [16]. 

3 Type Systems, Topoi and Categorical Logic 

Since we are interested in axiomatic semantics for typed programs, we start with 
a brief look at type systems and their semantics. First consider a rather simple 
type system with set semantics, i.e. 

t := b\ X \ {ai : ti,. . . ,On ■■ tn) \ {t} . (5) 

Here b denotes some collection of base types, x represents some type variable, 
and (•) and {•} are constructors for record- and set-types. 

Next consider a function-type constructor. This leads to the typed A-calculus 
with semantics in cartesian closed categories, i.e. 

t . — I X I (ui . ti, . . . , Oji . ^71) I ti > ^2 I ■ (6) 

Finally, a sophisticated type system is given by the following version of the 
polymorphic A-calculus with semantics defined in the effective topos, i.e. 

t := b \ X \ ti X . . . X tn \ ti ^ t2 \ Ux.t . (7) 

n denotes impredicative polymorphic abstraction with x running over all types 
[15, 17]. As topoi are cartesian-closed and SET is a very simple topos, we may 
claim that the semantics of any reasonable type system can be defined in some 
suitable topos. 

Definition 1 . A category E is a topos iff 

(i) E is finitely complete, i.e. finite products and equalizers always exist, 

(ii) E is finitely cocomplete, i.e. finite coproducts and coequalizers always exist, 
(Hi) E is cartesian closed and 

(iv) E has a subobject classifier, i.e. a truth object 17 and a morphism true : 
I ^ 17, where 1 denotes a terminal object in E, such that pullbacks along 
true exist and for each monomorphism f : B in E there is a classifying 

morphism cl{f) : B ^ f2 making / and triv : A 1 the pullback of cl{f) 
and true. 

Now consider a higher-order intuitionistic logic C on the basis of Fourman-Scott 
languages [8,22]. Recall that such a language consists of 

— two sets Sort and Con.st of sorts and constants, 

— a power sort map [•] : UneiN SorE — > Sort written 

{A \ , . . . , An) 1-^ [Ai , . . . , An ] , 
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— a family of countable sets {Var.s}s£Sort indexed by the sorts and 

— a map # : Const Sort assigning to each constant its sort. 

We also use Var = IJseSort to refer to the set of all variables. Then for a 
given variable x G Var we write to refer to the sort of x. Moreover, we use 
73 = [] as an abbreviation for the empty power sort which will be regarded as 
consisting of truth values. 

Then the terms %{C) of sort s G Sort in C are constructed as the smallest 
set such that each variable x of sort s, each constant c with = s and Ix.ip for 
each variable x with #a; = s and each formula (f belong to % (£) . 

Informally lx.Lp means “the unique x that satisfies (/?”. However, such an x 
may not exist. More generally, the problem is how to handle possibly empty do- 
mains. The intuitionistic logic used here deals with this problem by introducing 
a formal “existence predicate” E, where Er means that t exists. This is formal- 
ized by distinguishing domains A of “possible elements” and to let E pick out 
the subdomains of actual elements. Then bound variables will range only over 
actual elements. Therefore, this version of higher order intuitionistic logic is also 
called “the logic of partial elements” . 

The introduction of an existence predicate also influences the equality predi- 
cate = which is considered as a property of actual elements. In order to compare 
also possible elements an equivalence predicate = is introduced. Non-existing 
elements are all considered to be equivalent. Since then equality can be defined 
in terms of the equivalence and the existence predicates, only = is taken as a 
primitive in the logic. Then the formulae of C build the smallest set iF{C) such 
that 

— Et for each term r G T{C), 

— T = a for terms a, r of the same sort s, 

— r(CTi, . . . ,CT„) for terms Ui G Ts,(£) and r G 

— (f A xf for formulae ip and if, 

— (/? ■)/) for formulae <p and xp and 

— Wx-p for variables x G Var and formulae p 

belong to iF{£). The definition of axioms and rules is omitted here (see [8]). 
They define the derivation operator h and from this the definition of a theory T 
of C is standard. For the interpretation of £ in a topos E we also refer to [8]. 

Given a theory T of £, we have a canonical interpretation T{T) in the topos 
IE(T) of definable types. A type A is a term of the form ly :: [s].Va; :: s.{(f 
y{x)). A relation f from s to t is a term of the form Iz :: [s,t].Va; :: s,y :: t.{ip ^ 
z(x, y)). A type A or a relation / is said to be definable iff the defining formula 
is closed. 

As a more convenient notation write A = {x s \ p} for a type A defined 
by the formula p. For a term t of sort s we then get the formula t G A. For a 
variable x with ffx = s we may use the quantifiers Vx G A and 3x G A. 

For a relation / we may use the notation for ly :: t.f{r, y) for r G %{£) 

even if do not know whether / is the graph of a function. Furthermore, we use 
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functional abstraction writing Aa: :: s.a as an abbreviation for Iz :: [s,t].Va; :: 
s,y ■■■ t.{y = cr 44> z{x,y)). 

Then two relations /, g from type A to type B are equivalent with respect 
to the theory T iff T h Va; :: s.{f^{x) = g^{x)) holds. 

Definition 2. LetT be a theory over C. The topos IE(r) 0 / definable types and 
definable total functions has as objeets the definable types of C and as morphisms 
from A to B equivalenee classes of definable relations from A to B such that 
T h Va; G Al./^(a;) G B. For f G Hom{A,B) and g G Hom{B,C) the 
eomposition go f £ Hom{A,C) is defined by Xx G A.((j^(/^(a;))). 

Then the canonical interpretation T{T) in the topos lE(r) defined as follows: 
Each sort s is interpreted by the type = {a; :: s | a; = a;}. For a constant c 
with ffc = s regard the morphism 

f = Xz :: U.c : {2 :: 15 | z{) A Ec} ^ Ag , 

defined on a subobject of 1. Then let c be interpreted by the unique morphism 
f : 1 ^ As defined by the partial morphism classifier rjA^ ■ 

4 Predicate Transformers in Higher-Order Intnitionistic 
Logic 

In order to find the analogon to the previous section we consider again a program 
specification S with state space X, but now assume that the variables in X are 
typed, i.e. for each x G X there is a sort s of £ with x :: s, equivalently X = g 
and Xg replaces the state space E. 

As in the classical case we now assume that A{S) is a subobject of (X? x 
X?)©X^. In a topos coproducts are pullback stable, hence A{S) = Z\'(S')©T'o(5') 
with a subobject A' (S) of Xg x Xg and a subobject T'o(S') of Xg. 

Definition ofwlp{S). For a formula TZ with free variables in take the subobject 
X' of A'{S) classified by 

A'{S) ^XgxXgAAXg 17 . 

Then the formula wlp{S){TZ) is defined such that X' is the pullback of A'{S) ^ 
Xg X Xg and X” x Xg ^ Xg x Xg, where X” is the subobject of Xg classified 
hyI,iwlp{S){TZ)). 

Definition ofwp{S). For a formula TZ with free variables in take the subobject 
Xi of A'{S) classified by 

A'{S) ^XgxXgAAXg 17 , 

the subobject X 2 of Xg classified by 



cl(So(S)) 
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and let X' be the pullback of Xi and X 2 x Xc;. 

Then the formula wp{S) (TZ) is defined such that X' is the pullback of A' {S) ^ 
X<; X X<; and X” x X<; ^ X<; x X<;, where X” is the subobiect of X<; classihed 
hy I^{wp{S){'JZ)). 

Theorem 3. If I is the canonical interpretation of £ in IE(T), then for a given 
program speeification S the predicate transformers wlp{S) and wp{S) exist and 
are unique up to equivalence. Moreover, they satisfy (with ffxi = (fai) 

wp{S) {TZ) wlp{S)(TZ) A wp{S){true) (pairing condition) (8) 

and 



wlp{S){yXi,. . . ,Xn-T{ai,... ,cr„)) AA Vxi,... , Xn-Wlp{S){T{ai, . . . ,(Jn)) ■ (9) 
By abuse of notation we continue to call property (9) universal conjunctivity . 
Proof (sketch). 

In both cases X' is defined as a subobject of Xq x Xq, hence X' AX 
Xq factors through some subobject Xq of Xq. Let / : Xq 17 classify this 
subobject. 

Since we consider E = IE(r), this morphism / is equivalent to 
Xxi,. . . ,Xn-ly :: l^-{y{) AA if{lz.Xi{z), . . . ,lz.Xn{z))) 



for some description-free formula p. On the other hand, for the canonical in- 
terpretation this term is just Xip) [8]. Hence the stated existence of predicate 
transformers. The uniqueness is obvious. 

Since true is an abbreviation for E(Iy :: I5.y{)) we get Xi = A'{S) and hence 
X” = X 2 , which implies the pairing condition. 

For the universal conjunctivity use direct calculation. □ 

The full proof of Theorem 3 was given in [18, Theorem 4.2.11, p.l36 ff.]. 

We also have an analog of the inversion theorem, but only up to double nega- 
tion. For this let f*{TZ) — ^f{^TZ) denote the conjugate predicate transformer 
for any predicate transformer /. 

Theorem 4. Let flp and fp be predicate transformers on £ satisfying (8) and 
(9) in place of wlp{S) and wp{S). Then with respect to the canonical interpre- 
tation in a topos IE(r) define 

A{S)^ ©To (5) , 

Cl,... ,Cn 



where the coproduct ranges over constants Ci,... ,Cn, Xq{S) is the subobject 
of Xq classified by X{fp*{ false)) and is the subobject of Xq x Xq 

classified by 



Xq X 



Xt;{flp*{xi—CiA...AXn—Cn))X-^<;{oOl—CiA...AXn—C 



12 X 17 ^ 



17 . 



Then we have wlp{S)* (TZ) AA flp* (TZ) and wp*{S){IZ) fp*{TZ). 
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Proof (sketch). 

We have 72. Vxi, . . . , a:„.r(ci, . . . , c„) with r = lz.{z{x \, . . . , Xn) -•'TV). 
From this we calculate X^{wIp{S){t{xi, . . . ,Xn))) = X^(/^p(t(xi, . . . ,Xn))), 

hence wlp{S) (TZ) flp{TZ) because of the universal conjunctivity property. 

Moreover, X^{wp{S){true)) = -> o d{IJo{S)) = -i o -^X^{fp{true)). From this 
we conclude wp{S){true) fp{true). Applying the pairing condition completes 
the proof. □ 

The full proof of Theorem 4 was given in [18, Theorem 4.2.16, p.l43 ff.]. 

5 Dual Predicate Transformers 

In the classical theory the conjugate predicate transformers wlp{S)* and wp{S)* 
already determine the predicate transformers wlp{S) and wp{S). This can not 
be expected in the non-classical case, since —>^TZ is in general not equivalent to 
72. However, the meaning of the conjugate predicate transformers in the classical 
theory can be informally characterized as follows: 

— wlp{S)* (TZ) characterizes those initial states such that there exists a termi- 
nating execution of S which reaches a final state characterized by 72, and 

— wp{S)*{TZ) characterizes those initial states such that there exists an execu- 
tion of S which either fails to terminate or reaches a final state characterized 
by 72. 

Therefore, we can also start from this meaning and define dual predicate trans- 
formers wlp{S) and wp{S) in the non-classical case. Then we have to prove an 
existence result and derive a dual pairing condition and a universal disjunctivity 
property. 

As in case of wlp{S), wp{S) we start with a relational semantics of a state 
transition S dehned by a subobject A{S) of the coproduct {Xg x Xg) 0 Xg. We 
may write A{S) = 4\'(S') 0 So{S) with a subobject W(S') of Xg x Xg and a 
subobject A’o(S') of Xg. 

Definition of wlp{S). For a <r-predicate 72 take the subobject X' of A' (S') 
classified by 



A'{S) ^XgxXg^Xg D 

and let the formula be the classiher of X' ^ Xg x Xg. Then define 

wlp{S){TZ) :: U.ifZyi, , y^fp z{)) ^ z{)) 

3yi, . . . ,yn.p . 
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Definition ofwp{S). For a ^-predicate TZ define 

wp{S){TZ) wlp{S) (TZ) V 1 ^ , 
where Tfipo) classifies Sq{S) ^ X<,. 

The predicate transformers wlp{S) and wp{S) will be called the dual predi- 
cate transformersoi the state transition S. Now we can prove an existence and 
uniqueness theorem with the desired properties. 

Theorem 5. Let I he the canonical interpretation of £ in IE(T). Then for 
a given program specification S the predicate transformers wlp{S) andUJp{S) 
exist and are unique up to equivalence. Moreover, they satisfy (with ffy = 

wp{S){TZ) wlp{S){7Z) \/vJp{S){ false) (10) 

and 

wlp{S){3y.T{y) A y{xi,. . . ,Xn)) ^ 3y.T{y) A wlp{S){y{xi, . . . ,Xn)) ■ (11) 

(10) will be called the dual pairing condition and (11) universal disjunctivity 
property. 

Proof (sketch). 

Since X' is defined as a subobject of Xq x Xg, we may take its classifier 
/ : Xq X Xq Q. Since we consider E = 1E(T), the morphism / is equivalent 
to 



Acci, ... ,Xn,yi,... ,yn-1y ■■ 13- 

{yO ^<p(lz.xi{z),... ,lz.Xn{z),Iz.yi{z),. . . ,lz.yn{z))) 

for some description-free formula p. On the other hand we know that for the 
canonical interpretation this term is just X(^^.;)((p). Hence the existence of the 
predicate transformer wlp{S). The existence oiwp{S) is shown analogously, the 
uniqueness is obvious. 

For the proof of the dual pairing condition it is sufficient to show wp{S){ false) 
po with Ifipo) = cl{So{S)), which can be achieved by direct computation. 
For the universal disjunctivity (11) write 

wlp{S){3y.T{y) £y{xi, . . . ,x„)) 4^3yi,... ,y„.p 

and wlp{S){y{xi, . . . ,Xn)) ^ 3yi,... ,yn-fi>- Then the required result follows 
from ^ p {3y.T{y) Afi). □ 

The full proof of Theorem 5 was given in [18, Theorem 4.2.13, p.l40 ff.]. 

Next we may also ask whether we can get back wlp{S) and uJp{S) from 
predicate transformers flp and fp satisfying the dual pairing condition and the 
universal disjunctivity property. In contrast to Theorem 4 we can achieve a 
stronger result. 
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Theorem 6. Let flp and fp be predieate transformers on L satisfying (10) 
and (11) in plaee of wlp{S) andlUp{S). Then with respect to the canonical in- 
terpretation in a topos IE(T) define 

A{S)= U z\,,.„,,e„©ro(5) , 

Cl,... ,Cn 



where the coproduct ranges over all constants Cl, . . . ,c„ with ffci = ffxi, Sq{S) 
is the subobject of Xg classified by T;{f p{ false)) and Z\ci,...,c„ is the subobject 
of Xg X Xg classified by 



X? X 



It;{flp{xi—CiA...AXn—Cn)) XX(;{xi—Ci A . . .AXr 



—^n) f-. r\ ^ 

uy.il — i 



Q 



Then we have wlp{S) (TZ) flp{TZ) and wp{S) (TZ) fp{TZ). 

Proof (sketch). 

A{S) is a well-defined subobject of Xg x Xg, hence defines a state transition 
S. Let 



A'{S)= U . 

Cl . ^Cyi 

First write TZ 3j/.(r(?/) A y{x \, . . . , Xn)) with 

r = Iz.yy.{z{y)<^3yi,... , y„.r'(yi, . . . ,y„)A 
(Vxi, . . . ,Xn-y{Xi, ... ,Xn) ^ Xi = yi A ... A Xn = Pn)) 

and r' = Iz.fjixx , . . . , Xn-z{x \, . . . , Xn) ^ TZ). 

Then we may apply the universal disjunctivity property for flp and compute 
flp{TZ) with 

V’ ^ ... ,Vn) A flp{y{xi, ... , Xn)) . 

Now let Y' be the subobject of X? x X? classified by and X' the 

pullback of A' (S) A Xg x X<j and Y' ^ Xg x Xg. 

We show (■(/)) oi = J^(7?.) o 7 T 2 oL Consequently, X' ^ A'{S) is classified 
by T<;(TZ) o 7 T 2 o I and X' = Y'. 

If classifies X' — > X? x Xc, then this implies p ^ f). 

By dehnition we have wlp{S){TZ) <tA 3yi, . . . , Pn-T, which completes the proof 
of wlp{S) = flp. 

For wp{S) we simply exploit the dual pairing condition for flp and fp. □ 
The full proof of Theorem 6 was given in [18, Theorem 4.2.18, p.l45 ff.]. 
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6 Conclusion 

Dijkstra’s original predicate transformer calculus is well known as one approach 
to axiomatic semantics. The major goal is to reason about program specifica- 
tions in logical terms and to prove properties such as termination, determinacy, 
consistency, etc. Unfortunately, it is untyped in contradietion to the many results 
in the area of strongly typed programs. 

Therefore, we asked for a generalization of Dijkstra’s predicate transformer 
calculus to typed program specifications. First we argued that any reasonable 
type system defines its semantics in some suitable topos. More precisely, we 
could even restrict to recursive realizability topoi such as the effeetive topos 
or the recursive topos. Hence type semantics canonically defines a higher-order 
intuitionistie logic. 

This logic associated with a topos is taken as a cornerstone for the work in 
this paper. Starting from the intensional meaning of predicate transformers we 
found the general characterization of wlp{S) and wp{S) using category- theoret- 
ical arguments. We could also derive properties that generalize the well known 
characteristics in the classical theory, i.e. the pairing condition and universal 
conjunctivity. This in turn allowed to establish a weak form of the inversion 
theorem, where programs are characterized uniquely up to double negation of 
their predicate transformers. In the same way we were also able to generalize 
dual predicate transformers and prove a second stronger inversion theorem. 

The whole work is part of a larger project on specification theory with topos 
semanties. In that theory it is also possible to generalize consisteney proof obliga- 
tions and shift the theory of consistency enforcement to a level, where it coexists 
with type theory. 
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Abstract. In this paper we study applications of relations based on rewrite 
systems to regular tree languages. For instance, we want to deal with deci- 
dability problems of the form “TZel{Li) C L 2 ” where Li,I /2 are regular tree 
languages and TZel can be either 10, 01, parallel, or one step rewriting for a 
given rewrite system. Our method somehow standardizes previous ones be- 
cause it reveals conditions TZel must fulfill to preserve recognizability for the 
language TZel{Li). Thanks to classes of recognizable languages wider than 
the regular one, we get some new results. We pursue this method to tackle 
the problem of computing the set of descendants of a regular tree language 
by a rewrite system. 



1 Introduction 

This paper tackles decidability questions TZel{Li) C L 2 where Li and L 2 are regular 
tree languages and TZel is a relation based on a term rewriting system. For instance, 
we want to decide whether the set of direct successors of terms in Li by a term 
rewriting system is a subset of ^ 2 - In this case TZel is “one-step rewriting”. For 
example, this enables us to decide whether 72.* (Li) = Li for any term rewriting 
system 72. We essentially investigate cases where TZel is one-pass rewriting with 
several strategies: one-step rewriting, parallel rewritings, 10 or 01 pass rewriting 
( |Fng78| ) or leaf or root started rewriting l |F,lbV9j^ L All these relations have a 
common principle: redexes are sufficiently spread out in terms to avoid creating 
overlaps between two rewritings. We say in this case that rewritings can be done 
concurrently. Basically, we exploit this property in our constructions. 

Decidability problems TZel{Li) C L 2 are difficult to solve because 72e/(Li) is 
not regular. So we suffer from lack of usual useful tools to manipulate these sets, 
and to decide for instance, inclusion or emptiness. Nonetheless, related works in the 
literature often partially solve this problem with tree automata manipulations, e.g. 
by adding or transforming rules. Authors reduce these decidability questions about 
complex sets to decidability questions about regular tree languages. We propose in 
this paper an approach that reveals why this can be done and somehow unifies them 
in a standard understanding. Thanks to classes of recognizable languages larger than 
the regular one, we obtain new decidability results. 

The main principle is to reduce the inclusion TZel{Li) C L 2 to some inclusion 
between regular sets in such a way the latter holds if and only if the former also 
holds. To do that, we use transformations via inverse tree homomorphisms and 
intersections by regular tree languageR Inverse homomorphisms fix redexes and 

^ In the sequel, we will write just “language” and “homomorphisms” instead of “tree 
language” and “tree homomorphism”, respectively. 
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intersections control that the relation TZel is well applied. For instance, let us consider 
that TZel is one-step rewriting with a given rule I — )> r. We denote by TZel{Li) the set 
{t \ u ^ t, u G Li}. We consider a new symbol • and two tree homomorphisms T/j. 
and defined by the mappings 4>i{*) = ^ ^ind 4>r{*) = In this case one can show 
that TZel{Li) is exactly the set flTJ-c), where TZ^ is the regular language 

of terms containing exactly one symbol •. So we have two immediate consequences, 
from the closure properties of regular languages. First, TZel{Li) C L 2 is decidable 
because it is equivalent to decide whether (iTZc) C <F“^(L 2 ) and this last 

expression only involves regular languages. Second, if tfV is a linear homomorphism, 
then TZel{Li) is regular and therefore we can decide whether TZel{Li) = ^ 2 - It is 
important to note that this method leads to effective proofs. 

The question is now: how this method can be extended and what are its limits? 
We give some ideas for the answer. Rewritings can be “imitated” by homomor- 
phisms only in some cases. Homomorphisms are not helpful when redexes are too 
close, namely when some instances of left-hand sides of rules overlap in two rewrit- 
ing steps. When more than one rewriting step are applied, we need to follow some 
strategies in order to keep the opportunity of using homomorphisms. For instance, 
10 and 01 (|Eng75[FS77IFS78| 'l strategies and one-pass leaf- and root-started stra- 
tegies (' |F.ISVhA| l ha.ve this non-overlapping property but some new restrictions on 
linearities on left or right-hand sides of rules are now required. 

Another improvement is to try to compute the set TZ*{L) of descendants (or the 
set of normal forms) of a regular language L by a rewrite system TZ. This topic has 
been studied in many papers l |Sa,18SinT9fllCnCV94| l and all constructions rely on 
similar arguments. We are able to compute TZ*{L) with our method under some 
restrictions. In fact, we construct a sequence of languages (Tfe)fcgAr with Lq = L 
such that: 

Vfc e N, TZ(Lk) c Lk+i c 7^*(Lfc)• 

These languages are regular when TZ is right-linear and under some other restric- 
tions on TZ, there exists an integer i such that Vfc > i, = Li hence TZ*{L) = Li. 

The paper is organized as follows. In section 0 we introduce our method. We 
apply it in Section 2|on one-step rewriting, parallel rewriting, computation of normal 
and sentential forms according to one-pass 10, one-pass 01, one-pass root-started or 
leaves started. Finally we study the language TZ*{L) in Section O 

The table in Section h. Il siimma.rizes our results. 



2 Preliminaries 

2.1 Signature, Terms, and Rewriting 

Let n G N. We denote by [n] the set {1,2,..., n} and N* denotes the set of finite- 
length strings over N . 

Let us consider a signature E and a countable set of variables X . A term over 
A U A is a partial function t : N* — )> A U A whose domain T’os{t) satisfies: 

- 'Pos{t) is nonempty and prefix-closed; 

- If t{p) G A„, then {i\pi G Pos(t)} = (0, 1, . . . , n — 1}; 

- If t(p) G A, then {i\pi S 'Pos{t)\ = 0. 
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Each element of Vos{t) is called a position. Two positions pi and p 2 are compara- 
ble if there exists p such that pi = pp 2 or p 2 = ppi, otherwise they are incomparable. 
A branch of t is a prefix-closed subset of Vos{t) in which all positions are pair- 
wise comparable and whose greater position p holds a constant or a variable, i.e. 
t{p) G X U Sq. We denote by \p\ the length of a position p. The height of a term t, 
denoted by Height{t), is the maximal length over all positions in t. We denote by 
Var{t) the set of variables which occur in t, and t\p is the subterm of t rooted at 
position p, and t[u]p is the term obtained by replacing in t the subterm at position 
p by u. If IpI = n, then t\p is called a subterm of t at depth n. Given a position p, 
subterms rooted at position pw, w € N, are called brother terms. 

The set of all terms (or trees) is denoted by T{S,X). If A = 0 then T{S,X) 
is denoted by T{E). Terms of T{E) are called ground terms. A term t in T{E,X) 
is linear if each variable occurs at most once in t. When each variable either occurs 
at positions of length 1 or only once in t, we say that t is semi-linear. We fix some 
typographical conventions for the rest of the paper. In what follows, x^y and z, 
possibly with subscripts, are variables, and the letters t,u and v will denote terms. 

We denote by A„ a set of n distinct variables, A„ = {xi , . . . , a;„}. A linear term 
C of T{E, Xn) is called a context and the expression C[ti , . . . , t„] denotes the term 
obtained from C by replacing for each i, Xi by U. We denote by C”(A) the set of 
contexts on S and A„, and C{S) the set of context with one variable. 

A substitution cr : X — >• T{E,X) is extended to a mapping cr : T{E,X) — >• 
r(A, X) so that a{f{ti , . . . , t„)) = /(cr(ti), . . . , a{tn)). A term t G T(S) eneompas- 
ses a term u G T(A, X) if there exists a substitution a such that au is a subterm of 

t. 

Let T be a signature and ip a mapping which, with / G E„, associates a term 
tf G T{r, Xn). The tree homomorphism from T{S) into T{F) determined by p is 
defined as follows: 

• <l>{a) =taG T{r) for each a G Eq; 

• =tf[<P{ti),...,F{tn)]. 

A tree homomorphism is linear when for each symbol / G E„, p{f) = t/ is a 
linear term of Tp{Xn) and semi-linear if is semi-linear. 

A term rewriting system (TRS) TZ over A is a finite set of rewrite rules I — >■ r such 
that l,r G T{E,X), Var{r) C Var{l) and I ^ X. The rewrite relation -g-r, on T{E) 
induced by TZ is defined so that t -Gr, u if there exist p G 'Pos{t), a substitution cr and 
I ^ r gTZ such that t\p = al and u = t[ar]p. The reflexive, transitive closure of -Gr 
is denoted by — Hence s t iff there exists a derivation to -Gr ti -Gr . . . -Gr tn 
in TZ such that n > 0, to = s and = t. 

Given a rule I ^ r G TZ, the term I is the left-hand side and r is the right- 
hand side of the rule. When every left-hand side of rule is linear, we say that TZ 
is left-linear. Similarly, we define right-linear, left-semi-linear and right-semi-linear 
TRS. 

A term s G T{E,X) is irreducible with respect to TZ if s -Gr u for no u. And s 
is a normal form of t G T{E, X) if t -Gr s and s is irreducible with respect to TZ. 
Finally s is normalizable with respect to TZ if there exists a normal form of s. 
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2.2 Tree Automata 

Most of the constructions in this paper rely on three classes of tree automata: fi- 
nite tree automata, automata with tests between brothers and reduction automata. 
General tree automata generalized these three classes. 

A general tree automaton A = (if, Q, Qf, A) is given by a signature if, a finite set 
of unary symbols called states Q such that ifflQ = 0, a finite set of final states Qf Q 
Q , a finite set of rewrite rules A of the form f{qi{xi), . . . , qn{xn)) ■ ■ ■ , Xn)) 

where / G if„, q,qi, . . . ,q^ € Q and c is a constraint, i.e. a conjunction of positive 
constraint p = p' and negative constraint p p' where p and p' are positions of 
length greater than or equal to 1. 

Rules in A are constrained rules, i.e. t — s at position p with t,s G T(if U 
Q) if there exists a rule f{qi{x\), . . . ,qn{xn)) A q{f{xi, . . . ,Xn)) G A such that: 
t s by the rule f{qi{xi), . . . ,qn{xn)) -t q{f{xi,...,Xn)) at position p, and 
y (t|pii , . . . , ) satisfies c. 

A term t G T{E) satisfies a positive constraint p = p' (respectively negative 
constraint p p') if t\p = t\pi (respectively t\p t\p/). 

A term t G T{E) is accepted by A if f — q{t) where g is a final state. The 
language recognized by A is the set of terms accepted by A and is denoted by L{A). 
A is deterministic when for each couple /(gi(a;i), . . . , qn(xn)) A g(/(xi, . . . , Xn) 

and f{qi{xi), . . . ,g„(a:„)) A- q'{f{xi, . . . ,x„) of rules of A, the constraint c A c' is 
unsatisfiable if q q'. 

A tree automaton is a general tree automaton where rules are without constraint. 
The class of tree languages recognized by tree automata is the class of regular 
languages. 

A tree automaton with tests between brothers is a general tree automaton 
where the length of positions occurring in each constraint is 1, i.e. equalities 
and inequalities are imposed between brother terms. REC^ denotes the class of 
languages recognized by tree automata with tests between brothers. 

A reduction automaton A is a general tree automaton such that there is an 
ordering on the states of A such that, for each rule /(gi(xi), . . . , g„(x„)) —>■ 
q{xi, . . . ,Xn)), q is smaller than each g^. Moreover if a positive constraint oc- 
curs in c, g is strictly smaller than each g^. RA denotes the class of languages 
recognized by the class of reduction automata. 

Classes of tree languages recognized by tree automata, tree automata with tests 
between brothers and deterministic reduction automata are closed under union, in- 
tersection, complementation. Moreover, the inclusion problem and the emptiness 
problem are also decidable. 

The class of regular languages is closed under inverse homomorphisms and linear 
homomorphisms, i.e. and 'J'(T) are regular for any homomorphism (p, linear 

homomorphism E and regular language L. The image of a regular language L by a 
semi-linear homomorphism is a language of REC^. 

Finally the set of terms encompassing a linear term is regular and the set of 
terms encompassing any term is recognizable by deterministic reduction automata. 
The recognizability problem is decidable for REC^, i.e. it is decidable whether L is 
regular for any L G RECf, !BST99j . 
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3 Decision Problems and General Method of Resolution 

Let us consider the decision questions “TZel{Li) C L2 ?” and ^'TZel(Li) = L2 ?” 
where Li and L2 are regular languages, and TZel(Li) is the image of terms of Li by 
a relation TZel. 

Our method for deciding such questions is based on the following remark: under 
some assumptions, we can associate with TZel two homomorphisms !?/, and a 
regular “checking” language i?c, i-C. a tree bimorphism such that: 

TZdiLi)=^ri^-\Li)nR,) ( 1 ) 

The construction is very simple: let TZhe a, TRS of n rules li ^ r^. 

We associate with each rule of the system TZ a new symbol »i whose arity equals 
to the number of distinct variables of — )> Let A be the signature of these new 

symbols and T the signature SUA. 'T'l and Wr will be the tree homomorphisms from 
T{r) into T{S) defined by: 

• V/ e Ep, %{f) = = /(xi,...,a:p), and 

• Vi G [n], = k and 'l'r{»i) = n. 

The set can be viewed as the set of terms of T{r) obtained by putting 

symbols of A in place of some occurrences of left-hand sides of rules in t. Homomor- 
phism 'Pj. will apply the rewrite rules at this redexes. 

The checking language Rc will be defined w.r.t. TZel. For example, when TZel is 
just the one-step rewriting, Rc just checks that there is only one •i. 

Of course this method has its limitations. Roughly speaking, we can simulate by 
this way rewriting which can be done concurrently; it implies non-overlapping and 
some conditions on linearity. 

We show now how this construction gives easy decision algorithms for our que- 
stions, under some assumptions. 

Let us first notice that when Wc is linear (i.e. TZ is right-linear) and Rc is re- 
cognizable, n Rc) is recognizable (and you can effectively construct an 

automaton for it). So we can decide whether it is included in (resp. equal to) a 
given regular language. In fact we can reduce the right-linearity condition to the 
right-semi-linearity condition, since the image of a regular language by a semi-linear 
homomorphism is in REC^ and the inclusion problem is decidable for REC^. 

So in this case, we get an easy decision algorithm for deciding “TZel{Li) C L2?” 
and ''TZel{Li) = L2?” where Li and L2 are regular languages. 

When Er is not linear, fl Rc) is no more (in general) recognizable; 

however, we can decide “TZel{Li) C L2E . 

Indeed, <Fj.(tF;“^(Li) ni?c) is included in Li if and only if E^^{Li)r\Rc is included 
in E~^{Li). When Rc is regular, both El~^{Li) fl Rc and E~^{Li) are (effectively) 
regular. Hence we just have to decide as whether a regular language is included in 
another one. 

In fact, we don’t need the recognizability of Rc, using the properties of the class 
of languages recognized by reduction automata (decidability of emptiness, closure 
under intersection), we just have to suppose that Rc is recognizable by a reduction 
automaton. This allows us for example to deal with computation of normal forms 
according to some strategies like in |F.TSV98j . This works fine because, for any finite 
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set of terms Eg, the language Rg^ = {t & T{E) \ t encompasses no term of Eg} is 
recognizable by a reduction automaton EM- 

To summarize, our method is based on the two following propositions: 

Proposition 1. If TZel{Li) = Er{Ejf^{Li) fl Rc) with Sv right- semi-linear and Rc 
regular, then “TZel{Li) = L 2 ?” with L\ and L 2 regular, is decidable. 

Proposition 2. IfIZel{Li) = Er{Ej~^{Li)r\Rc) with Rc recognizable by a reduction 
automaton, then “TZel{Li) C L 2 ?” with L\ and L 2 regular, is decidable. 

4 Applications 

We use the method developed in the previous section in order to study the decision 
questions ''TZel{Li) C L 2 ?” and “7^e/(Li) = L 2 ?” where Li and L 2 are regular 
for different relations TZel depending on a TRS TZ composed of n rules. We give 
for each studied relation, the checking language Rc and the conditions for which 
TZel{Li) = Ec{Ef\Li)nRc). 

4.1 One-Step Rewriting and Parallel Rewriting 

One-step rewriting is the application of one rule of TZ. The image of L by one- 
step rewriting is TZ{L) = {t £ T{S) \ 3u £ L, u t}. Parallel rewriting is the 
application of a set of rules on incomparable positions. Let u and t be two terms 
of T{E). If parallel rewriting is denoted by -f|> , t -f|> u if and only if there exists 
k G N, C G C^{S), ii, . . . ,ik G [n] and cti, . . . , Cfe substitutions on T{E, X) such that 
t = . . . , ZifcCTfe] and u = C[ri.^ai, . . . , ri,.ak]. The image of L by application 

of parallel rewriting is TZ\\{C) = {t G T{E) \ 3u G L, u -f|> t}. 

Example 1. Let us consider the signature E = {//2, g/1, a/0, &/0} and the TRS 
with two rules f{x,x) — >■ g{x) and 6 — )> a. If L = {f{g{b),g{b))} then 
= {g{g{b)), f{g{a),g{b)), /(g(&), g(o))} 

= {fi 9 ib),glb)), f{g{b),g{a)), f{g{a),g{b)), /( 5 (a), 5 (a)), gig{b))} 

Let Rl be the set of terms of T(T) with only one symbol of A and Rc the set of 
terms of T{E) with at most one symbol of A on each branch. These languages are 
regular and we can prove that: 

TZ(Li) ^ rnzl) TZifLi)=Er{Er\Li)mzl) 

Hence according to Propositions Inland Ewe obtain: 

Proposition 3. “TZ{Li) C L 2 T” and TZ\\{Li) C L 2 T” are decidable for any TRS TZ, 
and “TZ{Li) = L 2 T” and “TZ\\{Li) — L 2 T” are decidable for any right- semi-linear 
TRSTZ. 

Moreover for any TRS TZ and for any regular language L, TZ{L) C L TZ*{L) = 
L. This statement can be used as a halting criterion for approximations of computa- 
tions of the set TZ*{L). For instance, see related works by J. Waldmann or T. Genet 



Corollary 1. For any TRS TZ and regular language L, ‘TZ*{L) = L 1” is decidable. 
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4.2 One-Pass 10 and 01 

If TZ is linear, a term t rewrites to a term u in one-pass if all rewritings in the 
derivation of t in rt can be applied concurrently. 

Example 2. Let E = {/i/3, //2, 5 /I, a/0} and 72. be the TRS composed of the rules 
h{x,g{y),z) — >■ f{y,x) and g{x) — >■ a. The following derivation can be done in one- 
pass: 

Hfigia),a) ,g{g{a)) ,a) ->■ f(g(a) ,f(g(a),a) ) ->■ f(g(a) ,f(a,a) ) ->■ f(a,f(a,a) ) 

In general, 72 is not linear, and hence we must indicate if subtrees are rewritten 
before or after generating or testing equalities defined by the rules. There are two 
usual strategies |EEi75| : 

01 pass: Rewriting from the root (outermost) to the leaves (innermost). 

10 pass: Rewriting from the leaves to the root. 

If a term t rewrites to a term u in one-pass 01 (respectively 10), then we denote 
t — >■“ u (respectively t — u). 

Example 3. Let S = {//2, g/2, a/0, 6/0} and consider the rewrites rules f{x,x) — >■ 
g{x, x) and a ^ b. 

Hence f{a,a) — g{a,b) but /(a, a) g{a,b), and f{a,b) — g{b,b) but 
/(a, 6 ) g{b,b). 

Let us denote SFoi(L) = {t £ T{S) | 3s € L, s — >■“ t} and SFjo(L) = {t £ T{E) \ 
3s € L,s — t}. When TZel is one of these relations, there is no checking langu- 
age and we can prove that C SFjo(Li) and C SFoi(Li). 

Examples 21 and 0 show that these inclusions may be strict. 

Example / (10 requires rules to be left-linear) . 

Let the signature E = {//2, g/l, a/0, 6/0} and the rules f{x,x) — >■ g{x) and a ^ b. 

We have f{a,b) — >■“ g{b) since f{a,b) — >■ f{b,b) — )> g{b). But there is no term u 
of T{E) such that Ei{u) = f{a, 6 ) and Er{u) = g{b). 



Example 5 (01 requires rules to be right-linear). 

Let the signature E = {//2, 5 /I, a/0, 6/0} and the rules g{x) — >■ f{x,x), g{x) — >■ a 
and g{x) — >■ 6 . 

We have g{g{a)) -)>“ /(a, 6 ) since g{g{a)) -)■ /( 5 (a), 5 (a)) -)■ f{a,g{a)) -)> 
/(a, 6 ). But there is no term u of T{E) such that Ei{u) = g{g{a)) and tf'r(w) = /(a, 6 ). 

We can prove that for every left-linear (respectively right-linear) TRS 72, 
SFio(Tvi) = (Li)) (respectively SFoi(Li) = Er{'E(f^ {Li))) . Therefore, 

Proposition 4. Eor any left-linear TRS ‘SFio(7^i) C L 2 ?” is decidable, and for any 
left-linear and right-semi-linear TRS ‘SFio(Li) = L 2 ?” is decidable. 

Eor any right-linear TRS, ‘SFoi(Li) C L 2 I” and ‘SFoi(Li) = L 2 ?” are decidable. 
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4.3 One-Pass Root-Started Rewriting and One-Pass Leaf-Started 
Rewriting 

Z. Fiilop et al. introduce variants of the one-pass 10 or 01 rewritings in mm-- 
one-pass root-started and leaf-started rewritings. The first (respectively second) is a 
01 pass (respectively 01) pass in which each rewriting concerns positions immediately 
adjacent to parts of the term rewritten in previous rewritings. 

Because these strategies are very similar to 10 and 01 ones, we obtain here similar 
results. 

One-pass root-started rewriting may be described as follows. Let t be the term 
of T(S) to be rewritten. The portion of t first rewritten should include the root. 
Rewriting then proceeds towards the leaves so that each rewrite step applies to a 
root segment of a maximal unprocessed subtree but never involves any part of the 
tree produced by a previous step. For the formal definition a new TRS in which a 
new special symbol forces this kind of rewriting is associated with TZ. The reader is 
reported to fF.TSV98j for a formal definition of this rewriting strategy. 

Z. Fiilop et al. obtain decidability results when rewrite systems are left-linear. 
Surprisingly, our method leads to decidability results in the case of right-linear 
rewrite systems. Moreover, our techniques are powerful enough to strengthen the 
result from inclusion problems to equality problems. 

In the following, — denotes the one-pass root-started rewriting relation. 

Let us denote SF|(L) = {t € T{S) | 3s G £, s — t} and NF^(L) the set of all 
one-pass root-started normal forms of L. Z. Fiilop et al. |F.ISV98j have shown that 
“SF^(Li) C L 2 ?” and “NF^(Li) C L 2 ?” are decidable for any left-linear TRS TZ. 

Let us denote, for any term of T{r), by lT^{t) the string defined by the symbols 
on the branch tt of t. 

Sentential forms In order to verify that a one-pass root-started rewriting applies 
to a term t of T(T), each word Z,r(t) must belong to A* S* . Let be the set of 
terms t of T(T) such that for any branch tt of t, lT^{t) G A*E* . We can prove that 
is regular and that for any right-linear TRS TZ'. 

SF^(Li)='F,('Fr'(Li)nRi^). 

Right linearity is necessary for the same reason than for one-pass 01. 

Proposition 5. For any right-linear TRS ‘SF^(Li) C L 2 T” and 'SF^(Li) = L 2 ?” 
are decidable. 

Normal forms The only difficulty here is to define the checking language. Accor- 
ding to the strategy, when u G Fj~^{t) satisfies one of the two following properties a 
rewrite rule can be applied: there is an instance of a rule at the root of u or there is 
an instance of a rule just below a dotted symbol in A. 

Let , Rf^ and Rf-^ be the following sets of terms: 

. . . ,yi-i,lk[xi, . . . ,Xp^],yi+i, . . . ,yp,] \i,k G [n],l G [pi] and 

Xl, . . . , Xpj^ , yx; • ■ • ; yi — lj yk+1-! • ■ • 7 ^ df} 

i?| 2 ^ = {t G T{r) I t encompasses no term of E^^} 

= {i G T{r) G [n], J^cr substitution, t = ah} 
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We have NF^(Li) = ^{Li) H fl fl Moreover, R^^ is reco- 

gnizable by a deterministic reduction automaton. Hence, 

Proposition 6. For any right-linear TRS '1\IF^(Li) C L 2 ?” is decidable. 

For any linear TRS, '1\IF^(Li) = L 2 ?” is decidable. 



One-pass leaf-started rewriting One-pass leaf-started rewriting starts from lea- 
ves (either from constants or just above constants) and proceeds upwards. Each 
rewrite step applies just at the border of unprocessed part of the tree. 

Z. Fiilop et al. obtain decidability results when rewrite systems are left-linear . 
On the one hand, we need stronger restrictions, but on the other hand we are able 
to strengthen the result from inclusion problems to equality problems. 

In the following, — denotes the one-pass leaf-started rewriting relation, SF-|-(L) 
= {t G T{S) I 3s S L, s — t} and NF^(L) is the set of all one-pass leaf-started 
normal forms of L. Z. Fiilop et al. |F,lbV98| have shown that “SF^(Li) C L 2 ?” and 
“NF^(Li) C L 2 ?” are decidable for any left-linear TRS TZ. 



Sentential forms. In order to verify that a one-pass leaf-started rewriting applies 
on a term t of T{F), each string must belong to E*A*So U E*A*. Let be 
the set of terms t of T{F) such that for any branch tt of t, G S*A*Eq U E*A*. 
We can prove that is regular and that for any left-linear TRS TZ: 

Left linearity is necessary for the same reason than for one-pass 10. 

Proposition 7. For any left-linear and right- semi-linear TRS, ‘SF^(Li) = L 2 ?” is 
decidable. 

Normal forms Vi G [n], let pi be the number of distinct variables of k. Let 
and TZ^^ be the following sets of terms: 

= {li[ui,...,Up.] I i G [n],Vj e [Pi],Uj G Eq or 3k G [n],3yi, . . . G T, 

Uj = »k{yi,...,yp^,) and variables of UiG[pd 
are pairwise distinct} 

TZ^^ = {t G T{F) I t encompasses no term of E^^} 

We can prove that for any term t G fl TZ^^ , one-pass leaf-started rewriting 
cannot be continued from t since no left-hand side of rule occur just above symbols 
of A and constants. We deduce that NF-^(Li) = T'r(fFif^{Li)r\Rl'^ DTZ^^). Moreover 
when TZ is left-linear, terms of E^^ are linear. Hence, 

Proposition 8. For any left-linear and right-semi-linear TRS, “NF.|.(Li) = L 2 ?” is 
decidable. 
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5 Multiple Rewritings 



In this section, we study the language TZ*(L) where 7?. is a TRS of n rules and L is 
a regular language: 'R*{L) = {t | 3s € L, s A-r, t}. 

Generally, this language is not regular even when the language is. However 

some authors proved that 72.* (L) is regular for some classes of TRS: M. Dauchet et 
S. Tison 117™ for ground TRS, i.e. systems whose left and right-hand sides of rules 
are ground terms; K. Salomaa |Sal88| for right-linear monadic TRS, a rule I — > r 
being monadic if Height{l) > 1 and Height{r) < 1; J.-L. Coquide et al. IGliGVhdl 
for semi-monadic TRS, a rule I — >■ r being semi-monadic if height(l) > 1 and r is a 
variable or a term whose variables occurs at depth one. 

Jacquemard proves in ^lacDtihf.lacDtiaj that the set of ground terms normalizable 
with respect to a growing TRS is regular. A rule Z — >■ r is growing if it is linear and 
if every variable x that occurs in both sides of the rule, x occurs at depth one in 
1. All these results are based on a similar construction that iteratively transforms a 
tree automaton. 

Our result is more restrictive than results of K. Salomaa fSal88j and J.-L. Coquide 
et al. !CDGV94! since ground terms are not allowed at depth one of right-hand sides 
of rules. But our proof is directly issued from the previous section. 

We are able to compute 72(L) with our method. One can iterate the construction 
and compute 72* (L) under two restrictions: the construction preserves recognizabi- 
lity, and it terminates. Recognizability is preserved under right-linearity assumption 
and termination is obtained when the size of the associated automaton does not in- 
crease. Unfortunately, when the rewrite system is not left-linear, a determinization 
procedure is necessary at each step to compute inverse homomorphisms and hence, 
an exponential blow up step appears. Therefore, we restrict ourself to the case of 
linear rewrite systems. 



Proposition 9. Let 72 be a rewrite system. For each language L' on S, L'U72(L') C 
<Fri<F-\L')) C 72*(L'). 

Let us consider now the sequence of languages (Lfc)fegTv defined by Lq = L and 
for every k > 0, Lk = We deduce from Proposition 0 that: 

Vfc £ N, Lj~ U 72(L/j) C Lfc+i C 72*(Lfc). 

Hence for each integer k, Lk C Lk+i C 72*(Lfe), therefore Lk C Lk+i C 72*(Lo). 
Hence the sequence {Lk)keN is ordered by inclusion and dominated by 72* (Lg), i.e: 

LoCLi...CLfeC...C72*(Lo). 

We want this sequence to be consist of a finite number of regular languages in 
order to obtain for some natural number k, Lk = 72* (Lq). Since the construction is 
based on the computation of !7 l(>L;“^(L,)), we first need >7V to be linear. Moreover, 
because we want to build a finite sequence, we require the number of states in the 
automaton for L^+i not to be greater than the number of states in the automaton for 
Li. Hence, some supplementary restrictions are needed for Fi and F^. The classical 
construction for Ff^{Li) requires a deterministic automaton for Li. But in the case 
of linear morphisms F, this requirement can be dropped. Finally, if F,. generates 
terms of height greater than one, additional states are necessary. Hence, 
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Definition 1. A simple rewrite system is a linear TRS whose each right-hand side 
of rule is either a constant, or a variable, or a term of height one without ground 
subterms. 



Therefore, mappings 'I'l and ifV associated with simple rewrite systems are such 
that Wi is linear and for each symbol / of T: either ipr{f) is a constant or a variable, 
or tprif) is a linear term of height one without any ground subterm, i.e. there exist 
g £ Up, p yf 0, and p distinct variables Xi, . . . ,Xp such that ipr(f) = g{xi, . . . , Xp). 

Proposition 10. Let TZ be a simple TRS and let and be the homomorphisms 
associated with TZ. Let L' be a regular language and let A be a tree automaton re- 
cognizing L' . There exists a tree automaton T> whose set of states is included in the 
set of states of A recognizing Tr{Tf^{L')). 

Proof. The standard construction that proves regular languages are closed under 
linear homomorphisms and inverse morphisms applies here. The reader is referred 
for instance to |C^MICDG+97| . 

According to Proposition E3 for each integer k, the language Lk is recognized 
by a tree automaton Ak such that the set of states of Ak-\-i is included in the set of 
states of Ak • Because the sequence of languages is ordered by inclusion and because 
for a given number of states, the number of tree automata recognizing a distinct 
language is bounded, there exists an integer i such that Vfc > i, Lk = Li. 

But Vk G N, 72.^ (Lo) C Lk since TZ{Lk) C Lk+i. Hence 72 ^ (Lq) C Li since the 
sequence is growing. We deduce that 72*(Lo) ^ Li- Finally Li = 72*(Lo) = 72*(L) 
since Li C 72* (Lq). Hence 72* (L) is regular. 

Proposition 11. Let TZ be a simple TRS. Lf L is a regular language, then TZ*{L) is 
regular. 

Last example shows that the TRS has to be left-linear. 

Example 6. Let the signature E = {a/0, g/1, //2}, the TRS 72 composed of the only 
rule f{x,x) — >■ g{x) and the language: 

L = {t£ T{E) I t = /(/(. . . /(a, ti), . . . , tn-i),tn) where ti,...,t„£ T{{g, a})}. 



We associate with the rule of 72 the symbol •. The homomorphisms et TV are 
determined by: 



V'i(a) = a 

Mg) = g{xi) 

Mf) = f{xi,X2) 
M*) = fixiAi) 



ipr{a) = a 

Mg) = gi.xi) 

Mf) = f{Xl,X2) 
M*) = gi.xi) 



For each integer n, let us denote by 7„ the term /(/(. . . /(a, a), . . . , p”“^(a)), 
g^{a)) of L. Let n £ N. The term 7„ rewrites in p"+^(a) by n-|-l applications of 
72’s rule hence 7„ £ 72* (L). Moreover gives g^~^^{a) by exactly n-\-l applications 
of i.e 7„ G Lfe+i and 7„ ^ Lk. We deduce that the sequence {Lk)keN is 

infinite. 
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5.1 Summary 

Our other results and those of Z. Fiilop et al. jK.ISVDHj are summarized in the 
following table. 
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Abstract. Let Li be a finite alphabet, and let h : S* — >■ S* be a mor- 
phism. Finite and infinite fixed points of morphisms — i.e., those words 
w such that h{w) = w — play an important role in formal language 
theory. Head characterized the finite fixed points of h, and later, Head 
and Lando characterized the one-sided infinite fixed points of h. Our pa- 
per has two main results. First, we complete the characterization of fixed 
points of morphisms by describing all two-sided infinite fixed points of 
h, for both the “pointed” and “unpointed” cases. Second, we completely 
characterize the solutions to the equation h{xy) = yx in finite words. 



1 Introduction and Definitions 

Let Z' be a finite alphabet, and let h : Z* — >■ Z* be a morphism on the free mo- 
noid, i.e., a map satisfying h{xy) = h{x)h{y) for all x,y € Z*. If a word w (finite 
or infinite) satisfies the equation h(w) = w, then we call w a fixed point of h. Both 
finite and infinite fixed points of morphisms have long been studied in formal 
languages. For example, in one of the earliest works on formal languages, Axel 
Thue [1 21, 'tj proved that the one-sided infinite word t = 0110100110010110 • • • 
is overlap-free, that is, contains no subword of the form axaxa, where a G {0, 1}, 
and a; G (0 -b 1)*. Define a morphism p by p{0) = 01 and /r(l) = 10. The word 
t, now called the Thue-Morse infinite word, is the unique one-sided infinite fixed 
point of p which starts with 0. In fact, nearly every explicit construction of an 
infinite word avoiding certain patterns involves the fixed point of a morphism; 
for example, see [0|. One-sided infinite fixed points of uniform morphisms also 
play a crucial role in the theory of automatic sequences; see, for example, Q. 

Because of their importance in formal languages, it is of great interest to 
characterize all the fixed points, both finite and infinite, of a morphism h. This 
problem was first studied by Head |Z], who characterized the finite fixed points of 
h. Later, Head and Lando 0 characterized the one-sided infinite fixed points of 
h. In this paper we complete the description of all fixed points of morphisms by 

* Research supported in part by a grant from NSERC. A full version of this paper can 
be found at http://math.uwaterloo.ca/~shallit/papers.html . 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 488-^Hl 1999. 

© Springer- Verlag Berlin Heidelberg 1999 
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characterizing the two-sided infinite fixed points of h. Two-sided infinite words 
(sometimes called bi-infinite words or bi-infinite sequences) play an important 
role in symbolic dynamics m, and have also been studied in automata theory 

HH. 

We first introduce some notation, some of which is standard and can be 
found in |2j. For single letters, that is, elements of S, we use the lower case 
letters a, b, c, d. For finite words, we use the lower case letters t, u, v, w, x, y, z. 
For infinite words, we use bold-face letters t, u, v, w, x, y, z. We let e denote the 
empty word. If w S E*, then by |w| we mean the length of, or number of symbols 
in w. If S' is a set, then by Card S we mean the number of elements of S. We say 
X G S* is a subword of y G E* if there exist words w,z G E* such that y = wxz. 

If /i is a morphism, then we let denote the j-fold composition of h with 
itself. If there exists an integer j > 1 such that {a) = e, then the letter a is 
said to be mortal] otherwise a is immortal. The set of mortal letters associated 
with a morphism h is denoted by M^. The mortality exponent of a morphism h is 
defined to be the least integer t > 0 such that /i‘(a) = e for all a G M^. We write 
the mortality exponent as exp(/i) = t. It is easy to prove that exp(/i) < Card Mh- 

We let E‘^ denote the set of all one-sided right-infinite words over the alpha- 
bet E. Most of the definitions above extend to 17“ in the obvious way. For exam- 
ple, if w = C 1 C 2 C 3 • • • , then hfw) — h{ci)h{c 2 )h{cz) • • • . If L C 17* is a language, 
then we define := {wiW 2 W^ ■ ■ ■ : Wi G L—{e} for all i > 1}. Perhaps slightly 

less obviously, we can also define a limiting word (a) := lim„_>oo /i"(a) for a 
letter a, provided h{a) = wax and w G Mf. In this case, there exists t>0 such 

that h^{w) = e. Then we define (a) := h*~^{w) ■ ■ ■ h{w)waxh{x) h?{x) • • • , 
which is infinite if and only if x ^ Mf. Note that the factorization of h{a) as 
wax^ with w G Mf and x ^ Mf, if it exists, is unique. 

In a similar way, we let “17 denote the set of all left-infinite words, which 
are of the form w = • • • c_ 2 C_iCo. We write 7i(w) = • • • h{c- 2 )h{c-i)h{co). We 
define “L to be the set of left-infinite words formed by concatenating infinitely 
many words from L, that is, “L :={••• W- 2 W-iWq : Wi G L — {e} for all i < 0}. 
If h{a) = wax, and w ^ Mf, x G Mf, then we define the left-infinite word 

{a) := ■ ■ ■ h? {w) h{w) w a X h{x) ■ ■ ■ h*~^{x), where h*{x) = e. Again, if the 
factorization of h{a) as wax exists, with w ^ Mf, x G Mf, then it is unique. 

We can convert left-infinite to right-infinite words (and vice versa) using the 
reverse operation, which is denoted w^. For example, if tc = cqCiC 2 • • • , then 
= •••C2C1C0. 

We now turn to the notation for two-sided infinite words. These have been 
much less studied in the literature than one-sided words, and the notation has 
not been standardized. Some authors consider 2 two-sided infinite words to be 
identical if they agree after applying a finite shift to one of the words. Other 
authors do not. (This distinction is sometimes called “unpointed” vs. “pointed” 
|E].) In this paper, we consider both the pointed and unpointed versions of the 
equation 7i(w) = w. As it turns out, the “pointed” version of this equation 
is quite easy to solve, based on known results, while the “unpointed” case is 
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significantly more difficult. The latter is our first main result, which appears as 
Theorem 0 

We let denote the set of all two-sided infinite words over the alphabet S, 
which are of the form • • • c_2C_iCo.ciC2 • • ■ . In displaying an infinite word as a 
concatenation of words, we use a decimal point to the left of the character ci, 
to indicate how the word is indexed. Of course, the decimal point is not part of 
the word itself. We define the shift a{w) to be the two-sided infinite word obtai- 
ned by shifting w to the left one position, so that a{- ■ ■ c_2C_iCo.ciC2C3 • • • ) = 

• • • c_iCoCi.C2C3C4 • • • . Similarly, for fc G Z we define cr*(- • • c_2C_iCo.ciC2C3 • • • ) = 

• • • Ck-iCk-Ck+iCk+2 • • ■ ■ If w,x are 2 two-sided infinite words, and there exists 
an integer k such that x = (t^(w), then we call w and x conjugates, and we 
write w ~ X. It is easy to see that ^ is an equivalence relation. We extend this 
notation to languages as follows: if L is a set of two-sided infinite words, then 
by w ~ L we mean there exists x G L such that w ^ x. 

If re is a nonempty finite word, then by we mean the two-sided infinite 
word • • • www.www ■ ■ ■ . Using concatenation, we can join a left-infinite word 
w = • • • c_2C_iCo with a right-infinite word x = dodid2 • • ■ to form a new two- 
sided infinite word, as follows: w.x := • • • C-2C-iCQ.dodid2 ■ ■ ■ . If L C S* is a set 
of words, then we define :={••• W-2W-1WQ.W1W2 ■ ■ ■ '■ Wi G L—{e} for all i G 
Z}. If w = • • • c_2C_iCo.ciC2 • • • , and h is a morphism, then we define 

h(w) := ■■■ h(c-2)h(c-i)h(co).h(ci)h(c2) ■■■ (1) 

Finally, if i = |?ua|, h(a) = wax, and w,x ^ M^, then we define 

(a) := • • • h‘^{w) h{w) w .axh{x) h^{x) ■ ■ ■ , 

a two-sided infinite word. Note that in this case the factorization of h{a) as wax 
is not necessarily unique, and we use the superscript i to indicate which a is 
being chosen. 

2 Finite and One-Sided Infinite Fixed Points 

In this section we recall the results of Head [Zj and Head and Lando |H|. We 
assume h : E* ^ S* is a morphism that is extended to the domains 11“ and “U 
in the manner discussed above. Define 

Ah = {a G E : 3 x,y G E* such that h{a) = xay and xy G M^} 



and 



Fh = {h*{a) ■. a G Ah and t = exp(h)}. 

Note that there is at most one way to write h{a) in the form xay with xy G M^. 

Theorem 1 (Head). A finite word w G E* has the property that w = h{w) if 
and only if w G Ff^. 
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Theorem 2 (Head & Lando). The right-infinite word w is a fixed point of h 
if and only if at least one of the following two conditions holds: 

(a) w G Fjf ; or 

(b) w G h^ (a) for some a G E, and there exist x G Mf and y ^ Mf such 
that h{a) = xay. 

There is also an evident analogue of Theorem O for left-infinite words: 

Theorem 3. The left-infinite word w is a fixed point of h if and only if at least 
one of the following two conditions holds: 

(a) w G or 

(b) w G h^ {a)Ff for some a G E, and there exist x ^ Mf and y G Mf such 
that h{a) = xay. 



3 Two-Sided Infinite Fixed Points: The “Pointed” Case 

In this section, we consider the equation /i(w) = w for two-sided infinite words. 
The next result follows immediately: 

Proposition 4. The equation hfw) = w has a solution if and only if w = 
x.y for a left-infinite word x, and a right-infinite word y, where x is given by 
Theorem\^ and y is given by Theorem\^ 

Example. Let p, be the Thue-Morse morphism, which maps 0 01, and 1 10. 

Define g = p^. Then g{0) = 0110, g{l) = 1001. Let t = 01101001 • • • , the one- 
sided Thue-Morse infinite word. Then there are exactly 4 two-sided infinite fixed 
points of g, as follows: 



t^.t = • 


••10010110.01101001 


t^.t = . 


••01101001.01101001 


t«.t = . 


••01101001.10010110 


t^.t = • 


••10010110.10010110 



where 0 = 1, 1 = 0. All of these fall under case (d) of Theorem 0 Incidentally, 
all four of these words are overlap- free. 

4 Two-Sided Infinite Fixed Points: The “Unpointed” Case 

We assume h : E* ^ E* is a morphism that is extended to the domain E^ 
in the manner discussed above. In this section, we characterize the two-sided 
infinite fixed points of a morphism in the “unpointed” case. That is, our goal is 
to characterize the solutions to h{w) ^ w. The following theorem is one of our 
two main results. 
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Theorem 5. Let h be a morphism. Then the two-sided infinite word w satisfies 

the relation h{w) ^ w if and only if at least one of the following conditions 

holds: 

(a) vf ^ Ff; or 

^ — 

(b) w h^{a) . Fjf for some a € E, and there exist x ^ and y € such 

that h{a) = xay; or 

(c) w ‘^Fh ■ h^ (a) for some a G E, and there exist x G and y ^ such 

that h{a) = xay; or 

(d) w h^{a) . F^ h^ (b) for some a,b G E and there exist x,z ^ Mf^, y,w G 
Mf^, such that h{a) = xay and h{b) = wbz; or 

(e) 'w ^ /i“’® (a) for some a G E, and there exist x,y ^ such that h{a) = xay 
with \xa\ = i; or 

(f) w = {xyY' for some x,y G E~^ such that h{xy) = yx. 

Before we prove Theorem 0 let us look at two examples. 

Example 1. Consider the morphism / defined by a — ^ bb, b — > e, c — > aad, 

d — 7> c. Let 



w = • • • aadbbbbcaadbbbbc.aadbbbbcaadbbbbc • • • . 



Then 

/(w) = • • • bbbbcaadbbbbcaad.bbbbcaadbbbbcaad • • • . 

This falls under case (f) of Theorem 0 

Example 2. Consider the morphism (p defined by 0 — >■ 201, 1 — ?> 012, and 2 — 

120. Then if w = (0) = • • • c_ 2 C_i.CoCiC 2 ■■■ = ■■■ 1202.01012 • • • , we have 

(^(w) ^ w. This falls under case (e) of Theorem 0 Incidentally, Ci equals the 
sum of the digits, modulo 3, in the balanced ternary representation of i. 

We now prepare for the proof of Theorem 0 by stating three easy but useful 
lemmas without proof. 

Lemma 6. Suppose w, x are 2 two-sided infinite words with w ^ x. Then 
h(w) ^ h(x). 

Our second lemma concerns periodicity of infinite words. We say a two-sided 
infinite word w is periodic if there exists an integer p (called a period) such that 
w = crP(w). 

Lemma 7. Suppose w = • • • c_ 2 C_iCo.ciC 2 • • • is a two-sided infinite word such 
that there exists a one-sided right-infinite word x and infinitely many negative 
indices 0 > Zi > *2 > • • • such that x = Ci-Ci.j^iCi .+2 ' ' ‘ for j > 1. Then w is 
periodic. 
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Our third lemma concerns the growth functions of iterated morphisms. 
Lemma 8. Let h : E* ^ E* be a morphism. Then 

(a) there exist integers i,j with 0 < i < j and |/i®(rt;)| < \h^{w)\ for all w € E* ; 
and 

(b) there exists an integer M depending only on k = Card E such that for all 
h : E* — >■ E* , we have j < M . 

We note that part (a) was asserted without proof by Cobham However, 
the proof easily follows from a result of Dickson pj that contains no infinite 
antichains under the usual partial ordering. For part (b), it is further known 
that we can take M = 2^. See □ 

Now we can prove Theorem 0 

Proof. (4=): Suppose case (a) holds, and w ~ F^. Then there exists x G 

with w ^ X. Since x G F^, we can write x = ■ ■ ■ X- 2 X-iXq.xiX 2 ■ ■ ■ , where 

Xi G F/j for all i G Z. Since Xi G F/j, we have h{xi) = Xi for all z G Z. It follows 

that /i(x) = X. Now, applying Lemma0 we conclude that /i(w) ^ h(yi) = x ~ w. 

^ — 

Next, suppose case (b) holds, and w ~ h‘^{a).Fjf. Then w ~ x for some x of 

the form x = h^{a). X1X2X3 • • • , where Xi G Fh for all z > 1 , and h{a) = xay with 
X ^ and y G M^. Then we have /i(x) = x, and by Lemma 0 we conclude 
that h{w) ^ /i(x) = X ~ w. 

Cases (c), (d), and (e) are similar to case (b). 

Finally, if case (f) holds, then hfw) = h{- ■ ■ xyxy.xyxy •••) = ••• yxyx.yxyx • • • , 
and so h{w) = a^{w) for k = |x|. 

(=>): Suppose w = • • • c_ 2 C_iCo.ciC 2 • • • , and there exists k such that hfw) = 
(T^(w). Let 

i\HciC2---c^)\ + k, if z > 0; 

- |/i(cj+iCj +2 • • • co)|, if z < 0. 

Then it is not hard to see that 

k{^Ci) (3) 

for z G Z; see Figure 0 Note that s(0) = k. 



w = 


Cl 


Co 


Cl 


C 2 




h j 




h(w) = ■ ■ ■ 


^i(-l)+l ■ ■ ■ ^i(O) 


Ci(0)+1 ■ ■ ■ C^(J) 





Fig. 1. Interpretation of the function s 
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We define the set C as follows: C = {f G Z : s(z) = i}. Our argument is 
divided into two major cases, depending on whether or not C is empty. 

Case 1; (7 0. In this there exists j such that s{j) = j. Now consider the pointed 

word X = • • • Cj- 2 Cj-iCj-Cj+iCj +2 ' ' ‘ ■ We have x ~ w and by Eq. Q we have 
h(x) = X. Then, by Proposition ^ one of cases (a)-(d) must hold. 

Case 2: C = %. There are several subcases to consider. 

Case 2a: There exist integers i,j with i < j such that 

s{i) > i but s{j) < j. (4) 

Then choose i, j satisfying with j — i minimal. Suppose there exists an integer 
k with z < fc < J. If s{k) < k, then (z, k) is a pair with smaller difference, while 
if s(fc) > k, then (k,j) is a pair with smaller difference, a contradiction. Hence 
s{k) = k. But this is impossible by our assumption. It follows that j = i + 1. 
Then s(z) > z, but s(z + 1) < z + 1, a contradiction, since s(z) < s{i + 1). Hence 
this case cannot occur. 

Case 2b: There exists an integer r such that s(z) < z for all i < r, and s(z) > z 
for all i > r. Then h{cr) = Cs(r_i)+i • • • Cs(j.), which by the inequalities contains 
Cr-iCrCr+i ^ subword. Therefore, letting a = Cr, it follows that w ~ u a: . a i/ v, 
where u = • • • Cs(r._i)_iCs(r_i) is a left-infinite word, x = Cs(,._i)+i • • • c^-i and 
y = Cr+i ■ ■ ■ are finite words, and v = Cs(^r)+iCs{r )+2 ' ' ‘ is a right-infinite 
word. Furthermore, we have h(ux) = u, h{a) = xay, and h{yv) = v. 

Now the equation h{yv) = v implies that h{y) is a prefix of v, and by an easy 
induction we have h{y)h?‘{y)h^{y) ■ ■ ■ is a prefix of v. Suppose this prefix is finite. 
Then y G M^, and so h{y)h’^{y)h^{y) ■ ■ ■ = h{y)h?{y) ■ ■ ■ h*^{y), where t = exp(h). 
Define z = h{y)h^{y) ■ ■ ■h^{y). Then s(r-|-|z/|-|-|z|) =r-|-|?/|-|-|z|,a contradiction, 
since we have assumed C = 0. It follows that z := h{y)h? {y)h^ {y) • • • is right- 
infinite and hence y ^ M^. 

By exactly the same reasoning, we find that ■ ■ ■ {x) h? {x) h{x) is a left- 

infinite suffix of u. We conclude that w ~ /z‘^’® (a), and hence case (e) holds. 

Case 2c: s(z) > z for all i G Z. Let w = • • • c_ 2 C_iCo.ciC 2 • • • . 

Now consider the following factorization of certain conjugates of w, as follows: 
for z < 0, we have w ~ x^ z/^ . z^, where x^ = • • • Ci_ 2 Ci_i (a left-infinite word), 
2 /i = Ci • • • Cs(i-i) (a finite word), and z^ = Cs(i-i)+iCs(^-i )+2 • • • (a right-infinite 
word). Note that z — 1 < s(z — 1) by assumption, so z < s(z — 1); hence yi is 
nonempty. Evidently we have 



h(xi) = Xi yi, and (5) 

h{yi'Z‘i) = Zi- 

Now the equation h(jjiZi) = z^ implies that h(yi) is a prefix of z^. Now an easy 
induction, as in Case 2b, shows that v := h{yi)h^{yi)h^{yi) ■ ■ ■ is a prefix of z^. If 
V were finite, then we would have yi G M^, and so s{j) = j for j = s(z — 1) -I- |z;|, 
a contradiction, since C = 0. Hence v is right-infinite, and so yi ^ M^. There 
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are now two further subcases to consider: (i) supj<Q(s(j) — i) < -l-oo, and (ii) 

sup*<o(s(*) - *) = +00- 

Case 2ci: Suppose supj<o('S(0 — i) = d < -l-oo. It then follows that \y^\ < d. 
Hence there is a finite word u such that yi = u for infinitely many indices i < 0. 
From the above argument we see that the right-infinite word h(u)h?'{u)h^{u) ■ ■ ■ 
is a suffix of w, beginning at position s(i — 1) -I- 1, for infinitely many indices 
z < 0. We now use LemmaQto conclude that w is periodic. 

Thus we can write w = • • • c_ 2 C_iCo.CiC 2 • • • , and w = • • • vvv.vvv • • • , where 
f = C 1 C 2 • • • Cp for some integer p > 1. Without loss of generality, we may assume 
p is minimal. 

We claim |/i(n)| = p. For if not we must have |/j(r’)| = q, for q ^ p, and 
then since /i(w) ^ w, we would have w is periodic with periods p and q, hence 

periodic of period gcd(p, q). But since p was minimal we must have p \ q. Hence 

q > 2p. Now let s{p) = 1; since s{i) > i for all i we must have I > 0. Then 

h{c\C 2 ■ ■ ■ Cp) = Cs(_i)_|_i • • • Cg(p) = ci-q+i ■ ■ ■ Q. It now follows that 

s{ip) = I — q + iq (6) 

for all integers i. Now p < q, so p < q — 1, and hence p < q — 1 + q/l. Hence, 
multiplying by —I, we get —Ip > I — ql — q. Now take i = — / in Eq. ® , and we 
have s{—lp) = I — q — Iq < —Ip, a contradiction, since s(z) > i for all i. It follows 
that |/i(f)| = p. 

There exists k such that h{ciC 2 ■ ■ ■ Cp) = Ck+iCk +2 ’ • • Cfc+p. Using the division 
theorem, write k = jp + r, where 0 < r < p. Define 

y — C^k-\-l * * * ^[j-\-l)p — ^r-\-l ‘ * * Cp, 

X — — Cl • ‘ ‘ Cr- 

We have h{xy) = yx, and v = xy. Then w = v'^ = {xyY‘. 

By above we know |w| > 1, so xy yf e. Suppose y = e. Then h{x) = x, and so 
X € It follows that w G F^. A similar argument applies if a; = e. However, 
if w G F^, then C yf 0, a contradiction. Thus x,y ^ e, and case (f) holds. 

Case 2cii: supj<Q(s(z) — i) = -l-oo. Recall that s{i) > i for all z G Z and 
w = • • • C- 2 C- 1 C 0 .C 1 C 2 ■ ■ ■ ■ Define 



X :— • • • c_2C_iCq; 

y ■= C1C2 • • • Cs(o); 

z := c^,(o)+iCs(o)+2 • • • . 

Then w = x.pz and /z(x) = xy, h(yz) = z. 

Define Bj{k) = s-l(fc) — s^~^{k), where denotes the j-fold composition of 
the function s with itself. First we state a technical lemma without proof. 

Lemma 9. For all integers r > 1 there exists an integer n < 0 such that 
Bj{n) > r for 1 < j <t. 
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Now let M be the integer specified in Lemma|Hl and define r := supi<j<^ Bi{0). 
By Lemma El there exists an integer n < 0 such that Bj{n) > r for 1 < j < M. 
Define w := c„+i---co. We have \h^{w)\ = s-^(O) — s^{n); and \h^~^{w)\ = 
s-^“^(0) — s^~^{n). It follows that 

\h^{w)\ = (s^(0) - s^"^(0)) - (s^(n) - s^-i(n)) + \h^~\w)\ 

= Bj{0) - Bj{n) + \h^~^{w)\ < Bj{0) -r+ \h^~\w)\ 

< \h^~^{w)\ 

for 1 < j < M. But this contradicts Lemma El This contradiction shows that 
this case cannot occur. 

Case 2d: s{i) < i for all i G Z. This case is the mirror image of Case 2c, and 
the proof is identical. The proof of Theorem El is complete. □ 

5 The Equation h(xy) = yx in Finite Words 

It is not difficult to see that it is decidable whether any of conditions (a)-(e) 
of Theorem El hold for a given morphism h. However, this is somewhat less 
obvious for condition (f) of TheoremEl which demands that the equation h{xy) = 
yx possess a nontrivialQ solution. We give a complete characterization of the 
solution set, which constitutes our second main result. 

To do so it is useful to extend the notation previously used for two-sided 
infinite words, to finite words. We say w z for w,z £ S* if w is a cyclic shift 
of z, i.e., if there exist x,y £ E* such that w = xy and z = yx. It is now easy 
to verify that ^ is an equivalence relation. Furthermore, if w ^ z, and /i is a 
morphism, then h{w) ^ h{z). Thus condition (f) can be restated as h{z) ^ z. 

It is easy to see that if h{z) ~ z, then there exist i < j such that h^{z) is 
a fixed point of Since h^{z) ^ z, we may restrict our attention to the set 
S' = rn (Ui>i B^i). Our set T then is the set of all cyclic permutations of words 
in S. 

To describe S we introduce an auxiliary morphism h : E ^ E, where E Q E. 
A letter a £ E if and only if the following three conditions hold: 

(1) a is an immortal letter of h; 

(2) /i*(a) contains exactly one immortal letter for all i > 1; and 

(3) /i*(a) contains a for some i > 1. 

We define the morphism h by h(a) = a' where a' is the unique immortal letter 
in h{a). 

The relation of h to S is as follows. If z G S, then z G F^i for some i. Hence 
there exists an integer p such that z = zi • • • Zp where zj = XjQjyj £ F/^i, and 
aj is an immortal letter for 1 < j < p. It follows easily that aj £ E. Hence h 
cyclically shifts z iff /i cyclically shifts z = oi • • • Cp. (The words Xj and yj are 
uniquely specified by i and aj.) 



^ By nontrivial we mean xy ^ e. 
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Theorem 10. We have Card F/ji < oo. 

Proof. Suppose a € S. Define aj, Xj and yj by oq = a and h{aj) = XjQj+iyj 
for j > 0, where Oj+i G S. It is clear that there is a t < Card E such that if 
j = k (mod t) then aj = Uk, Xj = Xk and yj = yk- Define e* = exp(/i*). By the 
definition of F^i, all words in F^i are of the form 

' (2^Jl) ■ ■ ■ ^(l/iej-2) ■ ■ ■ ^ iVjo) 

for some a = ao € E. Since there are only finitely many aj, Xj and yj and 
€i < Card E for alH > 1, the result follows. □ 

Therefore, we now concentrate on the set T of words z that are cyclically 
shifted by h. 

Suppose E = {oi, . . . , Os}. Since h acts as a permutation P on E, there exists 
a unique factorization of P into disjoint cycles. Suppose c = {do, ■ . . ,dt-i) is a 
cycle appearing in the factorization of P, and let |c| denote the length t of the 
cycle c. Define the language L{c) as follows: 

L(c) = {dodid 2 ■ ■ ■ dt-l)* + {did 2 ■ ■ ■ dt-ldoY + • • • + {dt-ldodi ■ ■ ■ dt- 2 )*. 

For example, if c = (0, 1,2) then L{c) = (012)* -|- (120)* -I- (201)*. Note that the 
definition of L{c) is independent of the particular representation chosen for the 
cycle. 

Now define the finite collection TZ' of regular languages as follows: 

TZ' = {L{c") : c is a cycle of P and 1 < u < |c| and gcd(v, |c|) = 1}. 

We now define a finite collection TZ of regular languages. Each language in 
TZ is the union of some languages of TZ'. The union is defined as follows. Each 
language L{c") in TZ' is associated with a pair {t,v) where t = |c| and v is an 
integer relatively prime to t. Then the languages L(c)'^), . . . ,L{d^) in TZ' are 
each a subset of the same language of TZ if and only if the system of congruences 



v\x = 1 (mod ti) 
V 2 X = 1 (mod ^ 2 ) 



VjnX = 1 (mod tm) 



( 7 ) 



possesses an integer solution x, where tj = \cj\ for 1 < j < m. Note that a 
language in TZ' may be a subset of several languages of TZ. 

We say a word w is the perfect shufEe of words Wi, . . . , ruj if | | = • • • = | Wj | 
and the first j symbols of w are the first symbols of Wi , . . . ,Wj in that order, the 
second j symbols of w are the second symbols of , . . . ,Wj in that order, and 
so on. We write w = III(wi, rc2, . . . ,Wj). The following theorem characterizes 
the set T, and is our second main result. 
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Theorem 11. Let z € S* , and let h permute S. Then h{z) ^ z if and only if 
z is the perfect shuffle of some finite number of words contained in some single 
language ofTZ. 

Proof. Let h permute S, with induced permutation P. Let 5 = bobi ■ ■ ■ bn-i- 
(4^): Suppose z is the perfect shuffle of some finite number of words contained 
in a single language of TZ. For simplicity of notation we consider the case where 
5 is the perfect shuffle of two such words; the general case is similar and is left 
to the reader. 

Thus assume 5 = LU(r<;,'u)). Further, assume w G L{d’) for some cycle c and 
integer v relatively prime to t = |c|, and w G L(c") for some cycle c and integer 
V relatively prime to t = |c|. 

Then w = {dodvd 2 v ■ ■ ■ dyt-iY for some cycle {do,di,... ,dt-i) of P with 
h(ds) = ds+i for 0 < s < t, where the indices are taken modulo t.) Similarly, 
w = {dodvd 2 v ■ ■ ■ d.Qj:_iY for some cycle {do, di, . . . , df_i) of P with h{dg) = ds+i 
for 0 < s < i, where the indices are taken modulo t.) 

By hypothesis there exists an integer x such that vx = 1 (mod t), and 
vx = 1 (mod t). A simple calculation shows that we may assume 0 < x < tr = tf. 
Then 5 = dodo ■ • ■ and h{z) = didi • • • = dyxdvx ■ ■ ■ = ■ • • (indices of a 

taken mod n), and so h{z) ~ 5. 

(=J>): Suppose h{z) ~ z. Then there exists an integer y such that h{bob\ ■ ■ • bn-i) 
= byby+i ■ ■ • by-i, whccc the indices are taken modulo n. Define g = gcd(y,n) 
and m = n/g. Then, considering its action on 6061 the morphism h 

induces a permutation of the indices 0,1 ,... , n — 1 sending j — >■ j + j/ (mod n) 
which, by elementary group theory, factors into g disjoint cycles, each of length 
m. 

Now, for 0 < f < (/, define the words Wi := &i6g+ifog+i • • • 6(m-i)g+i- It is 
clear that 5 = III(wo, ici, ■ ■ • , Wg-i). Then 

h{Wi) — h{bi bg-\-i b2g-\-i * * ' b(^Yn-l)g-\-i') 

= bi-\-y 6g-|_i+y b2g+i+y ’ ’ ’ ^(m — l)g+i+y 
= &i+(| + l)g &i+(J+2)g • • • 6* + (|+m_l)g, 

and so it follows that h cyclically shifts each Wi by y/g. 

Now gcd(m, y/g) = 1, so for each k there is a unique solution t (mod m) of the 
congruence = fc (mod m). Multiplying through by g, we find ty = kg (mod n) 

has a solution t, so ty + i = kg + i (mod n) has a solution t. But h*{bi) = bty+i, 
so each symbol bkg+i of Wi is in the orbit of h on Zi. It follows that each symbol 
of Wi is contained in the same cycle Ci of P. Suppose Ci has length ti. Then 
h^fibi) = bi, and furthermore ti is the least positive integer with this property. 
However, we also have h^{bi) = bi+ym = ^i+Kn = Y, and so ti \ m. 

Since gcd{y/g,m) = 1, there is a solution v to the congruence u • | = 
1 (mod m). Then vy = g (mod n). Using the division theorem, write v = qiP+Vi, 
where 0 < for 0 < i < g. Since gcd(u, m) = 1, and fi \ m, we must have 

gcd(u,ti) = 1. Thus gcd(uj,ti) = 1. 
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Now 

^ ^ ^ ^ {^kg+i) ^kg+i+vy ^kg+i+g ^{k+l)g+i- 

Then for 0 < i < 5 we have w, = {hh'^'{bi)h^'^'{bi) ••• G 

L{c"'). From /i(6o^i&2 • ■ • ) = byby+iby+2 ■ ■ ■ , it follows that hs'"'{bi) = by+i = 
h{bi), and so ^Vi = 1 (mod ti). Thus the system of equations (CJ) possesses a 

solution X = y/g. This completes the proof. □ 
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Abstract. We continue the study of the tiling problems introduced in 
jK M PhS) . The first problem we consider is: given a d-dimensional array of 
non-negative numbers and a tile limit p, partition the array into at most 
p rectangular, non-overlapping subarrays, referred to as tiles, in such a 
way as to minimise the weight of the heaviest tile, where the weight of 
a tile is the sum of the elements that fall within it. For one-dimensional 
arrays the problem can be solved optimally in polynomial time, whereas 
for two-dimensional arrays it is shown in [K IVI PhS| that the problem is 
NP-hard and an approximation algorithm is given. This paper offers a 
new (d^ -|-2d— 1) / (2d— 1) approximation algorithm for the d-dimensional 
problem (d > 2), which improves the (d-|-3)/2 approximation algorithm 
given in Esnsi- In particular, for two-dimensional arrays, our approxi- 
mation ratio is 7/3 improving on the ratio of 5/2 in IKMP981 and |HS^. 
We briefly consider the dual tiling problem where, rather than having a 
limit on the number of tiles allowed, we must ensure that all tiles pro- 
duced have weight at most W and do so with a minimal number of tiles. 
The algorithm for the first problem can be modified to give a 2d approxi- 
mation for this problem improving upon the 2d -|- 1 approximation given 
in These problems arise naturally in many applications including 

databases and load balancing. 



1 Introduction 

The partitioning of data is a problem that arises in many areas of compu- 
ter science and other fields. We consider two particular partitioning problems 
which have applications to databases and load balancing. We call these problems 
RTILE (rectangular tiling) and DRTILE (dual rectangular tiling), following the 
terminology in [KMP98j . where these problems were introduced and proven to 
be NP-hard. In this paper we consider the d-dimensional generalisations to these 
problems and give new approximation algorithms for them which improves those 
previously presented. We focus almost entirely on the RTILE problem and use 
our approximation algorithm for this problem to generate a new approximation 

* This work was supported by the Engineering and Physical Sciences Research Council 
and in part by the ESPRIT LTR Project no. 20244 - ALCOM-IT. 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 500-^^^ 1999- 
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algorithm for the dual DRTILE problem. In this section we define the problems, 
discuss our results and related work, and give some more details of motivation 
for the problems. Subsequent sections present the approximation algorithms for 
the problems. 

1.1 Problem Definitions 

The problems we consider must partition an array into subarrays, which we refer 
to as tiles. We assume that any partitioning into tiles completely cover the arrays 
without overlap. The sum of all the elements that fall within a given tile is called 
the weight of a tile. The arrays we consider are assumed to have a dimension of 
at least two, unless stated otherwise. 

RTILE. Given a d-dimensional array A of size n in each dimension, containing 
non-negative integers, partition A into at most p rectangular tiles so that the 
maximum weight of any tile is minimised. 

DRTILE. Given a d-dimensional array A of size n in each dimension, containing 
non-negative integers, partition A into rectangular tiles, with each tile having 
weight at most W, so that the number of tiles used is minimised. 



1.2 Results and Related Work 



Firstly, we note that the problems can be solved optimally by efficient algorithms 
when restricted to one-dimensional arrays, see 



for one such algorithm. 
In this paper we consider the problems for arrays with dimension at least two. 

The main result of this paper is a new approximation algorithm for the RTILE 
problem. The RTILE problem, restricted to two dimensions, was introduced by 
Khanna et al in [KMEDH I. where it is shown to be NP-hard to approximate an 
optimal solution to within a factor of 5/4. They give a 0(n^ + plogn) time 
algorithm for the problem in two dimensions, that approximates an optimal 
solution to within a factor of 5/2. For the dual DRTILE problem, again in two 
dimensions, they give a series of approximation algorithms that trade quality of 
approximation for improved running time. 

Smith and Suri extend the RTILE approximation algorithm given in 
to deal with the d-dimensional case. Their algorithm gives a (d-l- 3)/2 
approximation with a running time of 0(d!(n^ + pd log n)) and thus is only 
practical for small values of d. The same algorithm is then used to get a (2d-|- 1) 
approximation for the dual problem. 

The main result of this paper is a new approximation algorithm for the 
RTILE problem giving a (d^ -I- 2d — l)/(2d — 1) approximation which improves 
those described above. For comparison, in two dimensions this algorithm has 
an approximation ratio of 7/3 compared with the previous best of 5/2 for the 
approximation algorithms in pCMRflSj and 



and in three dimensions the 
new approximation ratio is 2.8 improving the ratio of 3 for the algorithm in 
j. The worst case running time for the algorithms is 0(n‘^ + 2'^pd(d+logn)). 
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Asymptotically this is better than the algorithm given in [SS99| but is still, never- 
the-less, exponential in d and thus only useful for small d. However, since the 
input to the problem is an array of size 0{n^) any algorithm that examines the 
whole array will have running time exponential in d. It may be possible for some 
applications to exploit any known sparseness of the array in order to improve 
upon this. We briefly discuss this in relation to our algorithm in Sect. El 

We use our RTILE approximation algorithm to generate an approximation 
algorithm for the dual, DRTILE, problem obtaining a 2d approximation with a 
running time of 0(n'^ + 2‘^pdlogn). 

We note that all of the algorithms mentioned above produce a hierarchical 
tiling. That is, one in which there is a straight cut through one dimension of 
the array that partitions it into two disjoint regions, each of which is itself a 
hierarchical tiling. If we are restricted to this type of tiling, then we can solve 
the problem optimally by dynamic programming. The hierarchical tiling equiva- 
lent of the RTILE problem can be solved optimally in time 0{pdr?'^'^^) and the 
corresponding dual hierarchical problem can be solved optimally in 0{din?‘^'^^) 
time, both by the obvious dynamic programming algorithms. Due to the increa- 
sed running time of the dynamic programming solutions to these problems the 
approximation algorithms discussed offer quicker alternatives, albeit at possible 
loss in optimality. However, the interesting question of how the optimal solutions 
to the RTILE and DRTILE problems compare with the optimal solutions to the 
hierarchical equivalents remains open. 

The DRTILE problem and the hierarchical equivalent is considered in grea- 
ter depth by Muthukrishnan et al in mm- In this paper they consider the 
hierarchical problem separately and also consider other methods of partitioning 
the array which have database applications as described in IL*ooH7l . They de- 
scribe a series of approximation algorithms for the partitioning problems they 
consider and as in IKMRDHl offer alternative algorithms which trade quality of 
approximation for improved running time. 

1.3 Motivation 

To motivate our work we shall briefly describe two of the application scenarios 
where the problems we consider arise. 

Query Optimisation. In many relational database systems, users make requests 
for information retrieval in query languages such as SQL, which specify what 
information is desired, but not the specific details of how to retrieve it. With 
a complex query there may be many possible execution plans for the query 
which vary widely in the completion time. It is thus desirable to attempt to 
choose the execution plan which will execute the query the fastest. This work 
takes place in a component of the database system called the query optimiser. 
Accurately picking the best execution plan is a difficult task without executing 
all the different plans and hence the query optimiser must make cost estimates 
for each execution plan. In order to achieve this, statistics on the data are stored. 
Disk access is of primary importance in executing a query since this will be slow 
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and hence we would wish to choose the execution plan so as to reduce the results 
sizes of each intermediate operator in the query and thus reduce disk access. This 
requires knowledge of the data distributions of the attributes stored within each 
table or relation in the database. Since the distribution of data may not fit 
a particular probability distribution, histograms are stored to approximate the 
data distributions. 

A majority of work in the databases community has concentrated on the 
construction of one-dimensional histograms. In this case a single attribute of a 
relation is considered in isolation. The frequency with which a particular value 
of the attribute occurs in the relation is stored in an array. There are many 
different strategies for partitioning this data into histograms which are discussed 
in [IPooDTj . One such strategy is to partition the array so that attribute values 
are grouped into ranges such that the sum of frequencies within each range is 
‘nearly’ equal over all ranges. These are known as equi-depth histograms. Once 
the partitioning has taken place the average frequency within each range is used 
to approximate the frequency of all values in the range. 

For queries that involve more than one attribute at a time from the same 
relation, the results size depends on the joint frequency distribution. In this 
case, for each combination of attribute values the frequency with which that 
combination of values occurs is stored. This gives a multi-dimensional array 
which can be partitioned following the same strategies as for one-dimensional 
arrays. Multi-dimensional equi-depth histograms have been studied in |M I ) 88 | 
and among others. 

The approximation algorithms for the RTILE and DRTILE problems will 
give approximate solutions to the problem of constructing equi-depth multi- 
dimensional histograms. 

Data Partitioning. Many modern computer science applications are written to 
take advantage of parallelism in the architecture on which they run. To facilitate 
this, high performance computing languages, such as High Performance Fortran, 
allow the programmer to specify a partitioning of the data which is mapped 
onto different processors. The aim for the programmer is to achieve an even load 
balance on each processor. To give a specific example we describe one of the 
problems given in |Ma,n 98 j . The problem is to compute the product Ax for a 
sparse M x N matrix A and vector x of length on a SIMD computer. Matrix 
A is partitioned into mxn rectangular blocks which are mapped onto an m x n 
processor array {m M and n <C N). Let B = (oy) be one such block, with 
l<si<f<S2<M and l<ti<j<t2<N, for some si, S2, t\ and ^2- If B is 
mapped on to processor p, then the elements Xj for t\ < j < t2 are also mapped 
to processor p. The processor will now compute the products jji = 
for Si < i < S2- Each processor communicates the y values it has computed to the 
other processors, which sum the values to form the final answer for product Ax. 
The time spent by each processor in computing its y values will be proportional 
to the number of non-zero entries in the block of A it is given and thus we 
would like to make the number of non-zero entries in each block approximately 
the same. In jMa,n9,3| a scheme based upon a one-dimensional partitioning of 
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the rows and columns of A individually is given. The RTILE problem in two 
dimensions would be another possible strategy to obtain this partitioning. It 
should be noted however, that the possibility of producing long thin tiles could 
increase the communication cost between processors and thus reduce the benefit 
of an even load balance. Experimental work similar to that in LVlanHill is required 
to investigate the benefits of using the RTILE algorithm for this problem. 

2 RTILE Approximation Algorithm 

We assume that the input to the problem is a d-dimensional array A of size 
n in every dimension^, containing non-negative integers and a tile limit p. The 
following algorithm gives a {d? -I- 2 d — 1) /( 2 d — 1) approximation to an optimal 
solution. For brevity we will let a = {(P + 2d — l)/{2d — 1). 

Before describing the algorithm we give some definitions and notation. Let 
wt{K) denote the weight of a subregion K of A, where the weight of K is the 
sum of all the elements within it. Let w = wt{A)/p, which is the average tile 
weight assuming all possible tiles are used. If M is the value of the element (s) 
of maximal weight, it is clear that M' = max{w,M} gives a lower bound for 
the maximum tile weight in an optimal solution. We show that our algorithm 
produces tiles with weight no more than aM' and thus within a of an optimal 
solution. 

In order to represent d-dimensional rectangular subregions of the array, we 
use the notation [oi, b{\ x [ 02 , 62 ] x . . . x [a^, bj], which will be the region from a\ 
to bi in dimension one, from 02 to 62 in dimension two, etc. Individual elements 
will be represented by (oi, 02 , ... , ad)- Often we let Ij = [aj, bj] and so regions 
are denoted by IiX I 2 X . . .x Id- 

The tilings produced by the algorithm are created in a top down fashion by 
cutting a region of the array along one of the dimensions. For example, region 
[1, 9]x[3, 8]x[2, 3] can be cut in dimension two, into regions [1, 9]x[3, 5]x[2, 3] and 
[1, 9] X [6, 8 ] X [2, 3]. We borrow some definitions from Esni to describe various 
types of region: a region is called light if it has weight no more than aM'] a 
region is called heavy if it can be divided into two regions by cutting in any one 
of its dimensions with both subregions having weight at least M' - such a cut 
is called a heavy cut] in the remaining case a region is said to be medium- 

The algorithm consists of three procedures, Heavy-Search, Heavy-Cut and 
Tile-Medium. It begins by passing the whole array to procedure Heavy-Search 
which starts dividing the array into regions with weight at least M' - The resulting 
regions are passed to Heavy-Cut which will recursively make heavy cuts until this 
is no longer possible. This procedure is identical to the Greedy-Tile procedure 
given in At this point the resulting medium regions are passed to Tile- 

Medium which will cut off as many light pieces of the region as it can, which 
will guarantee to make the weight of the remaining region no more than aM' - 
Each of these procedures is described in detail below. 

^ This is purely to keep the analysis clean, the dimensions of A may be of different 
lengths. 
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2.1 Heavy- Search 

The algorithm begins by passing the whole array A to this procedure together 
with the value M' = max{wt(A)/p, M}. Array A is divided into subregions with 
weight at least M' . A subregion is created by making a cut in dimension one that 
slices off a minimal region with weight at least M' . The regions is then passed to 
procedure Heavy-Cut. The process is repeated with the remainder of the array 
until the whole array has been processed. The algorithm for the procedure is 
presented below. 



Procedure 1 Heavy-Search 

Input: Array A = I 1 XI 2 X . . .xld where Ij = [1, n] and M' . 

1: ai 1 , tiles (j> 

2: repeat 

3: mi <r- minimal value in [oi, n] with wt([ai, mi] x /2 x . . . x /d) > M' 

{Assume mi is set to n if mi is undefined.} 

4: 61 maximal value in [mi -I- 1, n] with wt([mi + 1, 61 ] x /2 x . . . x Id) = 0 

(Assume 61 is set to mi if bi is undefined.} 

5: tiles tiles U Heavy-Cut([ai, bi] x 72 x . . . x Id) 

6: ui i — bi -f 1 

7: until b\ = n 
8 : return tiles 



Notice that when a region is found with weight at least M' the algorithm will 
expand this region to include any subsequent region with zero weight. This is 
necessary to prevent the algorithm from ever leaving a region of zero weight at 
the last iteration of the loop. It should be noted, however, that the final region 
produced may have weight less than M' . 

In order to maintain the tile limit p we ensure that Heavy-Cut(Tf) will use 
at most \wt{K) /w\ tiles when wt(7f) > M' and one otherwise. Provided this is 
always the case, the final tiling will never use more than p tiles. To see this let 
us denote the regions [ai,&i]x/2X. ..xld produced by Heavy-Search and passed 
to Heavy-Cut by Ki for 1 < i <1. For all but Ki, Heavy-Cut will use at most 
\wt{Ki) /w\ tiles. In the case that wt{Ki) > M' the total tile usage will be no 
more than, 

i i 

^ [wt(7fi)/wj <'^^t{Ki)/w = p . 

i=l i=l 

The second case to consider is when wt(7f;) < M' . Since this is the only region 
with weight less than M' and it does not have zero weight we will still meet our 
tile limit. In this case the total tile usage will be at most, 

i-i i-i 

[wt(7fj)/wJ -I- 1 < ^ yNt{Ki)/w + l= p — , 

i=l i=l 

where 7 = wt{K[)/w. Since 7 > 0 and the tile usage is an integer it follows that 
the total tile usage is no more than p. 
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2.2 Heavy- Cut 

The purpose of this procedure is to keep making heavy cuts on the region it is 
given until this is no longer possible. Should Heavy-Cut be given a light region, 
it is returned and will constitute an individual tile. Otherwise, each dimension 
of the region is examined, looking for a heavy cut in each one. Should a heavy 
cut be found, then it is made and Heavy-Cut recursively calls itself on the two 
subregions produced. If no heavy cut can be found then the region will be me- 
dium and is passed to Tile-Medium. We note that the procedure will meet the 
tile quota discussed above provided procedure Tile-Medium obeys this. 



Procedure 2 Heavy-Cut 
Input: Region K 
1: if wt{K) < aM' then 
2: return {K} 

3: if there is a heavy cut in some dimension j then 

4: make the heavy cut giving regions K\ and K 2 with K = Ki U K 2 - 

5: return Heavy-Cut (/fi) U Heavy-Cut (/f 2 ) 

6: else {there is no heavy cut, i.e. the tile is medium} 

7: return Tile-Medium(R') 



The search for heavy cuts and the properties of medium regions play an im- 
portant role in the final part of the approximation algorithm and are examined 
further. We assume Heavy-Cut is given region K = JiX. . .x/^, where Ij = [aj, bj]. 
If the region K has weight more than aM' then the procedure must search for a 
heavy cut. For given dimension j, Heavy-Cut will search for a value mj C [uj, bj] 
which induces the partitioning 



Lj 


= Jl X . 


X 

1 

X 


[a j, rrij — 1] x /j+i x 


...X Id 


Cj 


= JlX. 


X 

1 

X 


[rrij, rrij] x /j+i x . . . 


y^id , 


Rj 


= JlX. 


X 

1 

X 


[rrij + 1, bj] X Ij+i X 


...Xld 



so that rrij is maximal with respect to the property that the weight of Lj is less 
than M' . Note that by construction of the region in Heavy-Search, no heavy cut 
will be found in dimension one and so there is no need to look there. Also value 
mi is computed in procedure Heavy-Search. Figured shows an example of the 
process in three dimensions. Region L\ is drawn in dotted lines, R\ is drawn in 
dashed lines, L 2 and R 2 are the unshaded regions on the left and right of the 
diagram respectively, and finally C 2 is the shaded region in the centre. 

We note that for dimension j, either Lj or Rj may be an empty region. 
Additionally if region Ri is non-empty then it will have zero weight due to the 
construction of region K in Heavy-Search and it may be treated as if it were 
empty. Since rrij was chosen maximally the weight of Lj U Cj is at least M' . If 
the weight of Rj is at least M' then there is a heavy cut which the procedure 
will make and then recurse on subregions Lj U Cj and Rj . Otherwise there is no 
heavy cut in this dimension. Observe that the weight of Cj U Rj is at least M' 
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Fig. 1. Searching for a heavy cut 



because the weight of K is at least 2M' {aM' > 2M' for d> 2). Therefore, the 
region Lj is the largest region on the left, with respect to dimension j from Uj 
to bj, which has weight less than M' and Rj is the largest region on the right 
with respect to dimension j from Uj to bj, which has weight less than M'. We 
call rrij a threshold value for dimension j. 

If there is no heavy cut in any dimension then Heavy-Cut will have computed 
the threshold value mj for each dimension j. In this case the region is medium 
and is passed to Tile-Medium along with the threshold values. 



2.3 Tile-Medium 

This procedure is given a medium region and the threshold values for each di- 
mension, as computed in Heavy-Cut. We know that for a given dimension j, 
a threshold value divides the region into three subregions Lj,Rj and Cj. The 
procedure will choose the heaviest of the light regions, Lj or Rj, over all dimen- 
sions and slice it off. It will keep removing the heaviest of these regions until 
it has cut off \wt{K)/M'\ — 1 of them. The remaining region is guaranteed to 
have weight no more than aM' and will constitute one tile, making the total tile 
usage \yft{K)/M'\ < [wt(iT)/wJ as required. The proof of this follows and uses 

Lemma n 

Lemma 1. Let A he a finite set of objects with weight function s : H — >■ IN. If 
{Bi , . . . , Bk} is a collection of subsets of A satisfying IJ^ Bi = A, then 
— least one set Bi. 

Proof. Straight forward and not given. 



Theorem 1. Procedure Tile-Medium will produce a tiling of a given medium 
region K using \yit{K)/M'\ tiles with all but one tile having weight less than M' 
and the tile of maximal weight having weight no more than {d^ -\-2d—l) /{2d—l) 
times the weight of the optimal solution. 
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Procedure 3 Tile-Medium 

Input: Medium region K and threshold values rrij produced in Heavy-Cut. 
1: g ■«— min{ [wt(7(')/M'J , 2d}, tiles 
2: for i •«— 1 to g — 1 do 

3: Partition K in each dimension j, about rrij giving Lj and Rj 

{Note that some of these regions may be empty} 

4: Let S = {Lj, Rj '■ 1 < j < d} 

5: H •<— element in S with maximal weight 

6: K ^ K -A 

7: tiles •<— tiles U A 

8: return tiles 



Proof. We shall let q = min{ [wt(iC)/M'J , 2d} and we observe that the proce- 
dure produces at most q tiles and thus meets the tile quota. For reference sake 
let Kq = K, and Ki be the remaining region K produced at the end of the ith 
iteration of the for loop (line 6 in Procedure 0) . At each iteration a threshold 
value rrij creates a new partitioning of the region, giving new regions Lj and Rj. 
We let Lj. and Rj^ be the regions Lj and Rj produced during the fth iteration 
of the loop. Note that Lj. C Lj^ and Rj^ C Rj^ for all 1 < i < g and 1 < j < d 
and hence the weight of Lj^ and the weight of Rj^ will be less than M' since K 
is a medium region. 

At each iteration of the loop we pick the heaviest (non-empty) region Lj^ 
or Rj. for 1 < j < d and cut it off. It will become an individual tile and we 
know the weight is less than M' . By the construction of K we know that i?i 
is either empty or of zero weight and thus may be ignored. Therefore initially 
there are at most 2d — 1 non-empty regions in set S to be considered. Note that 
this implies 2d tiles is the maximum number required. Since we slice off one of 
these regions Lj. or Rj^ during each iteration, at the start of the ith iteration 
there are at most 2d — i such (non-empty) regions remaining. The weight of the 
heaviest of these regions must be at least (wt(iCi_i) — wt(C))/(2d — i), where 
C = (mi, m 2 , ■ ■ ■ ,rn^) is the centre element. This follows from Lemma [Dsince 
the union of all the regions Lj^ and Rj. gives the region K^_i less the centre 
element. Since we slice off the the heaviest of these regions at each iteration we 
obtain. 



wt{Ki) < wt(ATi_i) 



wt(LTi_i) — wt(C) 
2d — i 



Using the above inequality and induction gives. 



^ l)wt(Lr) -b i wt(C) 

wt(iF,) < — 



We check that the weight of the remaining region K after the g — 1 iterations of 
the loop satisfies the theorem. We know that this weight will be no more than 

(2d — g)wt(AT) + (g — l)wt(C) 



2d - 1 
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and since we know that wt(iT) < (q -|- 1)M' and wt(C) < M' we find that the 
remaining region will have weight no more than, 

{2d-q){q+l)M' + {q-l)M' 

2d -I 

This takes its maximum value when q = d and on substitution we get the result. 

□ 

The theorem together with the preceding discussion proves that the algorithm 
does indeed achieve a {d'^+2d—l)/{2d—l) approximation to the RTILE problem. 



2.4 Running Time Analysis 

We now examine the worst case running time for the RTILE approximation 
algorithm presented. A crucial component of the algorithm is the ability to 
calculate the weight of a given region of the array. As observed in |SS99| this can 
be achieved in 0(2^) time for d dimensions given an appropriate data structure 
which is computed in a preprocessing stage in 0{n‘^) time. Though exponential 
in d this is in fact linear in the size of the input. However, if we were given a 
sparse array we would hope to improve upon this. This is on-going work, but 
to allow our analysis to hold with any improved weight calculating function we 
shall assume that we can calculate the weight of any given rectangular region of 
the array in time T 2 (n, d) given a Ti{n,d) time preprocessing stage. 

We begin our analysis with the highest level loop in procedure Heavy-Search. 
Since we only look for divisions into subregions in dimension one, this part of 
the algorithm can be implemented in 0{nT2{n, d)) time. We note at this point, 
that if we do have to spend 0{n‘^) time building a data structure for weight 
calculation, then we could at the same time build a 0{n) space data structure 
to reduce the time for this stage of the algorithm to 0(n). 

We consider next the time for procedure Heavy-Cut. Searching for a heavy 
cut in a given dimension can be done by binary search in 0 (T 2 (n, d) logn) time. 
For a given region there are at most d dimensions to be searched and since at 
most p tiles are produced there can be a maximum of p calls to this procedure 
giving a total of 0 {pdT 2 {n, d) logn) time for this part of the algorithm. 

Finally we consider the work done in procedure Tile-Medium. The running 
time will depend upon the weight of the region K given to the procedure. As 
in the algorithm we let q = min{ [wt(A)/M'J ,2d}. On examination we see that 
the running time is bounded by, 

<7 — 1 2d—i 

EE {T 2 {n,d) + 0{1)) , 

i=i j=i 

since there are at most 2d — i regions Lj and Rj whose weight needs to be 
computed in order to select the heaviest at the ith iteration. This solves to give 
a running time of 0 {d^T 2 {n, d)) and as for the previous procedure there can be 
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at most p calls to this procedure giving a total running time of 0 {p(PT 2 {n, d)) 
for Tile-Medium. 

Combining the above we get a total running time of 0{Ti{n,d) + {pd^ + 
pdlogn + n)T 2 {n,d)). In the general case, assuming Ti{n,d) = 0(n'^) and 
T 2 {n,d) = 0(2^), this gives a running time of 0{n‘^ + pd2'^{d + logn)). 



3 DRTILE Approximation Algorithm 



In order to solve the dual DRTILE problem we use the same trick employed in 
and 



and use a modified version of the RTILE algorithm. In the 
dual tiling problem we are given an array A and a weight limit W and must 
tile the array so that each tile produced has weight at most W using a minimal 
number of tiles. If p* is the number of tiles used in an optimal solution to a given 
instance of the problem then p* > |’wt(y4)/IT] , (we assume W > M). 

To solve the problem we let p = [wt(A)/IE] and use a modified version of 
the RTILE algorithm. If we run the RTILE algorithm with the array A and tile 
limit p, we will obtain a tiling with at most p tiles, with each tile having weight at 
most aM' where M' = wt{A)/p < W. It is easy to modify the algorithm to use 
at most 2dp tiles and ensure each tile has weight at most M' . This then gives us 
a 2d approximation algorithm for the DRTILE problem. Procedure Heavy-Cut 
is modified to always pass a region with weight greater than M' to Tile-Medium 
(after computing the threshold values). Tile-Medium slices off all the non-empty 
regions Lj and Rj of which there are at most 2d — 1 and we know each of these 
has weight less than M' . The remainder will be the centre element which will be 
the final tile making the total tile usage at most 2d. Since there were at most p 
tiles produced in the original RTILE algorithm there are now at most 2dp tiles, 
which is less than 2dp* and thus gives the 2d approximation for the DRTILE 
problem. This can be implemented in 0{n'^ + pd2‘^ log n) time. 



4 Conclusions 

The algorithms presented offer good approximations to optimal solutions for the 
problems considered. The approximation ratio of 2 d-i^ “ I + I + 
new RTILE algorithm improves that of for the algorithm in [SShhj . Though 
only slight, this improvement is significant for small d. Additional benefits of the 
new algorithm include an improved running time and a far simpler and more 
direct analysis. It is also easy to construct instances of the RTILE problem that 
have optimal solutions with a maximum tile weight of {d/2 + 1)M' and thus 
we can see that our algorithm has significantly reduced the gap between the 
approximation ratio of the RTILE algorithm in |SS99j and this value. In order 
for any algorithm to improve upon an approximation ratio of d/2-|-l alternative 
techniques must be used which require an improvement in the the lower bound 
of M' used in our analysis. 

Since the algorithms have running times which are exponential in the dimen- 
sion d of the array, they will be practical for only small values of d. In order to 
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make them practical for arbitrary d, further work must be done to take advan- 
tage of sparse data arrays. If the array is not sparse then any algorithm which 
examines an array of size 0{n^) will only be practical for small values of d. 

Another possibility for further work is to try to increase the lower bound of 
5/4 for the best possible approximation for any RTILE algorithm. We would like 
to find a lower bound that is a function of d which would narrow the gap between 
the current lower bound of 5/4 and the {d^ + 2d — l)/{2d — 1) approximation 
algorithm presented. 

Another interesting problem is to examine what is lost in the RTILE and 
DRTILE algorithms, by restricting the type of tilings produced to hierarchical 
tilings. A relationship between the maximum tile weight produced by the RTILE 
approximation algorithm and the optimal maximum tile weight in the equivalent 
hierarchical tiling problem would be a useful result. 
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Abstract. In this paper we show that, given a family of interacting 
systems, many notions which are important for expressing properties of 
systems can be modeled as sheaves over a suitable topological space. 
In such contexts, geometric logic can be used to test whether “local” 
properties can be lifted to a global level. We develop a way to use this 
method in the study of interacting systems, illustrated by examples. 



1 Introduction 

Many properties of systems can be expressed as assertions about states, actions, 
transitions, behavior in time. In this paper we show that, given a family of in- 
teracting systems, under certain circumstances these notions can be modeled by 
sheaves over a suitable topological space (where the topology expresses how the 
interacting systems share the information). The main advantage is that this al- 
lows us to use geometric logic in order to study the links between the properties 
of the systems obtained by interconnecting families of interacting systems, and 
those of their components. This opens the way towards a possibility of verify- 
ing certain properties of complex systems in a modular way, thus increasing 
efficiency. 

Among existing approaches to concurrency based on fiberings, sheaf and 
presheaf theory we mention |MP8^ . pMT] . IG^ , p^ . |M^ fwir^ . 
[ICW96j . The starting point of our research is the work of Pfalzgraf |Pf^ and 
the ideas of Goguen and Monteiro and Pereira IMEHE!. The idea of 

modeling states, actions and transitions by sheaves with respect to a topological 
space, and of using geometric logic for studying the link between properties of the 
components and properties of the systems that arises from their interconnection 
is, to the best of our knowledge, new. Preliminary results (in a more theoretically 
involved framework) appear in The results presented here simplify and 

considerably extend those in Mi- 

The paper is structured as follows. In Section 2 we present some basic no- 
tions from sheaf theory and geometric logic. Section 3 discusses the systems 
and communication between subsystems we want to model. Section 4 describes 
our sheaf-theoretic model; then geometric logic is used to test whether local 
properties can be lifted to a global level. 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 512-^2^ 1999. 

(c) Springer- Verlag Berlin Heidelberg 1999 
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2 Preliminaries 

We present results from sheaf theory and geometric logic which we will use in 
our work. For definitions we refer to |.Toh82| or |MT;M92) . Notions from category 
theory and many-sorted logic are assumed known. Categories and sheaves will 
usually be denoted in sans-serif style, e.g. Set, Sh(/). 

Sheaf theory. Let / be a topological space, and C(J) the topology on I. A 
presheaf on / is a functor P : 17(/)°p ^ Set. Let U C V he open sets in 7, 
and i(j U ^ V the corresponding morphism in 17(7). The restriction to U, 
n^u) : P{V) — ^ P{U) will also be denoted by p(j. A sheaf on 7 is a presheaf 
F : 17(7)°P — Set satisfying the following property: 

for each open cover of U and family of elements Si G F{Ui) s.t. for all i,j we 

have PuinUji^i) ~ PulnUji^j)' thete is a unique s € F{U) with Pu^{s) = Si for all i. 

The stalk of a sheaf 7^ on 7 at a point i G I is the colimit 7) = _^.F(7f), 

where U ranges over all open neighborhoods of i. The morphisms of sheaves are 
natural transformations of functors. Sh(7) will denote the category of sheaves on 
7. The assignment F ^ Fi defines the stalk functor at i, Stalky : Sh(7) — Set. 

Interpreting many-sorted first order languages in Sh(7). Let £ be a many- 
sorted first-order language consisting of a collection of sorts and collections of 
function and relation symbols. Terms and atomic formulae from £ are defined in 
the standard way; compound formulae are constructed by using the connectives 
V, A, =>, -1 and the quantifiers 3, V, for every sort X. An interpretation M of C in 
Sh(7) is constructed by associating a sheaf on 7 to every sort X, a subsheaf 
rM (2 X • • • X Xff to every relation symbol R of arity Ai x • • • x A„ and an 
arrow f^ : Xf^ x • • • x X^ — >• in Sh(7) to every function symbol / with arity 
XiX- ■ - X Xn — t Y. Each term t{xi , . . . , a;„) of sort Y is (inductively) interpreted 
as an arrow t^ : Xf^ x ••• x Xff — >■ Y^] and every formula . . . ,Xn) 

with free variables FV{(j)) C {x\, . . . ,a;„}, where Xt is of sort Xi gives rise to a 
subsheaf {(a;i, . . . , x„) | (t>{xi , . . . , x„)}^ C Xf^ x • • • x Xff . For details we refer 
to iMhMD2j . Ch. X. 

Geometric formulae and axioms. A geometric formula is a formula built up 
from atomic formulae using only the connectives V and A and the quantifier 3. 
A geometric axiom is a formula of the form (Vxi, . . . , Xn){4> => '0) where 4> and 
ip are geometric formulae. A geometric axiom (Vxi, . . . , x„) {4> => ip) is satisfied 
in an interpretation M of C in Sh(7) if {(xi,...,x„) | is a subobject of 
{(xi, . . . ,x„) I in Sh(7). 

Geometric morphisms; preservation properties. Let f : I ^ J he a, con- 
tinuous map between topological spaces. The direct image functor /, : Sh(7) — 
Sh(J) corresponding to / associates with every F G Sh(7) the sheaf f*{F) : 
I7(J)°P — Set defined by /*(£)([/) = F(/“^(C/)); the inverse image functor 
f* : Sh(J) Sh(7) associated to / is defined as follows: for every G G Sh(J), 
let p : Gx ^ J he the bundle associated to G; f*{G) G Sh(7) is the sheaf 

associated to the bundle f*{p) ■ f*{Y[xeJ t 7 as obtained when construc- 
ting the pullback of / and p. f* preserves finite limits and arbitrary colimits 
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(/* is left adjoint to /*); hence it preserves the interpretation of any geome- 
tric formula. Moreover, /* preserves the interpretation of all geometric axioms. 
Since /, is right adjoint to /*, it preserves limits, but not unions or images (in 
general). However, /, preserves, to some extent, existential quantification, as 
follows. Let T be a theory in the language £. A variable is called T-provably 
unique if its value in every model of T is uniquely determined by the values of 
the remaining free variables. A cartesian formula relative to T is a formula built 
up from atomic formulae using only the connective A and the quantifier 3 over 
T-provably unique variables. A cartesian axiom relative to T is a formula of the 
form iyx){(j){x) => 'f’ix)) where (j) and if are cartesian formulae relative to T. 
A cartesian theory is a theory whose axioms can be ordered such that each is 
cartesian relative to the preceding ones. Direct image functors preserve models 
of cartesian theories. 

3 Systems 

Our aim is modeling interconnected systems, whether hardware, software, or 
both. We assume a system S to be described by: a set X of control variables 
of the system, a set F of constraints on X, a set A of atomic actions, and a 
set C of constraints on A. This way of describing systems was influenced by the 
fact that, in many practical applications, the state of a system is determined by 
the values of certain control variables, among which dependencies may exist. An 
example and a detailed motivation can be found in [Sofhfij . 

Definition 1. Let X = (Sort, O, P) be a signature, consisting of a set Sort of 
sorts, a set O of operation symbols and a set P of predicate symbols, A E- 
structure is a structure M = {(Mg) seSort, {fn} feO, {RM}Rep) where if f € O 
has arity Si x . . . x s„ — >■ s then fjyj '■ x . . . x Mg^ — >■ Mg and if R G P has 
arity si x . . . x then Rm Q Mg,^ x ... x Mg^. The class of E -structures is 
denoted Stri;. 

For a (many-sorted) set of variables X = {WsjsgSort let Fmai;(A) be the set of 
formulae over E. If M G Stri;, s : A — >■ M is a sort-preserving assignment, and 
(f) G Fmai;(A), (M, s) ^ (abbreviated in what follows by s ^ </>) is defined in 
the usual way (cf. e.g. fCK9()| . Ch. 1). 

Definition 2. A system S is a tuple (E,X,P,M,A,C), where 

— E = (Sort, 0,P) and X = {A^lsgSort are as above; together they form the 
language £s of the system S; 

— P Q Fmai;(A) is a set of constraints on variables, which is closed with 
respect to the semantical consequence relatioi^ \=m,’ 

-Mg Stri;; 

— A is a set of actions; for every a G A we have a set A“ Q X of variables 
on which a depends, and a transition relation Tr°‘ C SaP x SaP, where 
SaP = {s|x» \ s : X ^ M,s\= P}; 

The relation \=m is defined by P \=m f if and only if for every assignment of valnes 
in M to the variables in A, s : A — >■ M , if s ^ 7 for every 'y G P, then s <j>. 
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— C is a set of constraints on actions, expressed by boolean equations over 
Fb{A) (the free boolean algebra generated by A) stating e.g. which actions 
can (or have to) be executed in parallel, and which cannot; C must contain 
all boolean equations that can be deduced from C. 

In what follows, we may refer to any of the components of a system S by 
adding S' as a subscript, e.g. Ss for its signature. Xg will denote the minimal set 
of variables on which a G As depends, and Trg the transition relation associated 
with a. 



Definition 3 (States; Parallel actions). Let S = {X,X,r,M,A,C) be a 
system. A state of S is an assignment s : X ^ M satisfying all formulae in F. 
The set of states of the system S is St{S) = {s : X ^ M \ s \= F} . 

The admissible parallel actions of S are sets of actions, represented by maps 
/ : A — >■ {0, 1} that satisfy all constraints in C. The set of admissible parallel 
actions of S is the set is Pa{S) = {/ : ^ — >■ {0, 1} | / satisfies C}. 

Below we restrict our attention to finite systems, i.e. systems whose signatu- 
res, sets of control variables and sets of actions are finite; this suffices for practical 
applications and avoids modeling the undesirable case of infinitely many actions 
occurring in parallel. 

Transitions. Let S = {X, X, F, M, A,C) be a system. Let Trs{a) = {(si,S 2 ) | 
si, S 2 G St{S), (si|x“) S 2 |X“) G si(a;) = 52 ( 2 :) if a; ^ X“}. In order to extend 
this notion of transition to parallel actions we present two non-equivalent pro- 
perties of transitions that express compatibility of the actions in an admissible 
parallel action, (Disj) and (Indep). 



(Disj) Let / G Pa{S),s G St{S) such that for every a G A with f{a) = 1 
there is an s“ G St{S)\x‘^ with (s|jfa,s“) G Tr“. Then for all a, 6 G As and 
X G X'^nX^, s°'(x) = s^{x), i.e. the new local states “agree on intersections”. 
The transition induced by / is Trs{f) = {(s,t) | G St{S), (s|x“,t|X“) G 
Tr“ for every a such that /(a) = 1, and s(x) = t(x) A x ^ \J^ /(a)=i -^“}- 
(Indep) We assume that if a = 6 G C then = X** and = Tr^, and a 
and b can be both identified with one action: the parallel execution of a, b. 
Let / G Pa{S),s G St{S). We identify all elements a,b € A with a = b € C 
and f{a) = f{b) = 1. Let now /“^(l) = {oi, . . . , a„}. Let {bi, . . . , bm} be an 
arbitrary subset of /“^(l). We assume that: 

(i) g : A ^ {0, 1}, defined by g{a) = 1 if and only if a G { 61 , ... , bm}, is in 
Pa{S); 

(ii) s — V Si S 2 • • • Sm-i t implies that for every permutation cr 
of {!,..., m}, there exist states tf , . . . ,tf^_i such that s tf 

tm-i ^ (the final state t is the same). 

The transition induced by / is Trs{f) = {{s,t) | s,t G St{S), and there 
exist s = So, si, . . . , s„_i, s„ = t € St{S) such that (si_i, Si) G Trs{ai), 
for all 1 < I < n|. It is easy to see that if (s,t) G Trsif) then for every 
a; ^Ua,/(a)=i^“. s(a;) =t(x). 
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The property (Disj) applies when a parallel action / : A — >■ {0, 1} is admissible if 
and only if its components do not consume common resources. This happens for 
example if for all ai ,02 G A with /(oi) = /(o 2 ) = 1, either oi = 02 G C or X°-^ 
and are disjoint. The property (Indep) reflects how transitions of parallel 
actions are interpreted when actions to be performed in parallel do consume 
common resources. It specifically applies if the state reached after executing an 
action is uniquely determined. In this case, the fact that all components of a 
parallel action / : A — >• {0, 1} can be applied at a state s is a necessary condition 
for / to be applicable at state s, but in general not sufficient: in addition, one 
has to be sure that there are enough resources to perform all actions. Condition 
(Indep) (i) holds for instance if C is the set of all consequences of a set Cq 
consisting only of formulae of the form oi = 02 and oi A 02 = 0. Condition 
(Indep) (ii) states that the order in which the actions are executed is not relevant 
for determining the final state. 

3.1 Communication between Subsystems 

Systems are usually related to other systems. We assume that, in order for two 
systems to be able to communicate they need a “dictionary” . Elements that 
are equal according to the dictionary are identified, so communicating systems 
are here supposed to share common control variables and common actions. We 
further assume that the values of the common control variables “sensed” simul- 
taneously by two or more systems are the same. Essential to our model is that 
systems have common subsystems by which communication is handled (not the 
use of “dictionaries” or “translations”), and we focus on this aspect. 

Definition 4. Let S, T be two systems. We say that S is a subsystem of T 
(denoted S > — > T ) if Us C Xt, Xs C Xt, As Q At, the constraints in r$ (resp. 
Cs) are consequences of the constraints in Ft (resp. Ct), and M$ = U§f{MT) 
(where : Stri;,^, — >■ Stri;^ is the forgetful functor). 

Let S > — > T. If we regard a transition in T from the perspective of S, some 
variables in S may change their values with no apparent cause, namely if some 
action in At but not in As is performed, which depends on variables in X$. 
If this cannot be the case, we call the subsystem S > — > T transition- connected. 
Formally, we have the following definition. 

Definition 5. S is a transition-connected (t.c.) subsystem of T (denoted S ^ 
T) if S > — > T and the following two conditions hold: 

(Tl) for every a G At, if X if fi Xs yf 0 then a G As, and Xg = X^ fi Xs; 
(T2) for every a G As and every S\,S 2 G St{T), */ (si|x» , S 2 |x“) G Tr^ then 
(si|x|, S2|X|) G Trg. 

It is easy to see that the relation ^ is a partial order on systems. We define a 
category T cSys with as objects systems and a morphism S T between S and 
T whenever S' is a t.c. subsystem of T. 
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Theorem 1. TcSys has pullbacks (infimums with respect to this order of t.c. 
subsystems of a given system; we will denote this operation by A) and colimits 
of diagrams of t. c. subsystems of a given system. 

In concrete applications, we tend to be interested in a subcategory of TcSys, 
containing only the systems relevant for the application. To this end, we assume 
a family InSys of interacting systems is specified, fulfilling: 

— All S G InSys are t.c. subsystems of a system S with finite. 

— InSys is closed (in TcSys) under pullbacks of subsystems of S. 

— (InSys, A) is a meet-semilattice. 

The first condition enforces the compatibility of models on common sorts and 
the finiteness of As for every S G InSys; the second and third condition make 
sure that all systems by which communication is handled are taken into account. 

A system obtained by interconnecting some elements of InSys can be seen 
either as the set of all elements of InSys by whose interaction it arises (a subset 
of InSys which is downwards-closed with respect to or as the colimit of such 
a family of elements. We define I?(lnSys) as consisting of all families of elements 
of InSys which are closed under t.c. subsystems. It is a topology on InSys. 

4 Modeling by Sheaves 

We show that the notions of states, (parallel) actions, behavior, and time can 
be represented as sheaves over the topological space (InSys, I7( InSys)) previously 
defined. The fact that these notions can be expressed as sheaves with respect 
to an appropriate Grothendieck topology on a category of systems was already 
noticed in ESIEI- We now show that the abstract framework presented there 
can be simplified. The main advantage of this simplification is that we can now 
express many properties of systems in the internal logic of the topos of sheaves 
over InSys. Geometric logic is then used to study how properties are preserved 
when interconnecting systems: interpretations corresponding to individual sy- 
stems are obtained by using stalk functors, and interpretations corresponding 
to their interconnection are obtained by using the global section functors and 
colimits. 

Definition 6 (States; Parallel actions). 

(St) St : l7(lnSys)°^’ — Set is defined on objects by St{U) = {(si)SiGC/ I Si G 

L 

St(Si), and if Si ^ Sj then Si = and is such that for U\ C U 2 , 

St(t) : St(G 2 ) St(Gi) is defined by St(t)((sj)SiG(72) = (s*)SiGi7i- 
(Pa) Pa : l7(lnSys)°*’ — >• Set is defined on objects by Pa(?7) = {{fi)si^u \ fi G 

i 

Pa{Si), and if Si ^ Sj then fi = moreover, for Ui C U2, Pa(t) : 

Pa(C/ 2 ) ^ Pa(Gi) is Pa(t)((/i)siGC/ 2 ) = (fi)si(^Ui- 

Theorem 2. The functors St and Pa are sheaves on InSys. For every Si G InSys, 
the stalk at Si is in bijection with St{Si) resp. Pa{Si). Moreover, for every 
U G I2(lnSys), St{U) (resp. Pa{U)) is in bijection with St{Su) (resp. Pa{Su)), 
where Sjj is the colimit of the diagram defined by U . 
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Proof: (Sketch) The fact that St and Pa are sheaves follows immediately from 
the definition of a sheaf. The fact that there exists a bijection between St{U) 
(resp. Pa(C/)) and St{Su) (resp. Pa{Su)), where Su is the colimit of the diagram 
defined hy U G l7(lnSys), follows from the definition of the colimit, taking into 
account that (i) if Si is a t.c. subsystem of S 2 and is a formula of then 
a state s of S 2 satisfies (j> if and only if its restriction to satisfies (p] and (ii) 
for every U G l7(lnSys), every family of states which are compatible on 

the common variables can be “glued” to a (unique) state of the colimit S/y of 
the diagram defined by U. It can be shown that the stalk of St at Si is StQ,i5'i). 
Since the colimit of the diagram defined by fSi = {Sj G InSys | Sj ^ Si} is Si, 
St(|S'i) is in bijection with St{Si). The same results hold also for Pa. □ 

For every Si in InSys and fi G Pa{Si), let Trs^ifi) be the transition relation 
associated to fi in Si as explained in Section 3. 

Definition 7 (Transition). 

(Tr) Tr : l7(lnSys)°^’ -4 Set is defined on objects by Tr{U) = {(/, s, s') | / = 

ifi)Sieu S Pa(C/),s = (s^)sieu,s' = (s')s;g[/ G St(C/), (s*, s') G Trs^lfi), 

L 

for all Si G U} and is such that for Ui C U 2 , Tr(r) : Tr{U 2 ) — >■ Tr(C/i) is 

defined Tr(t)((/, s, s')) = (Pa(t)(/), St(r)(s), St(i)(s')). 

Theorem 3. The functor Tr : J7(lnSys)°^ — >■ Set is a subsheaf of Pa x St x St. 
For every Si G InSys, the stalk at Si is in bijection with Tr{Si) = {(/, s,s') | 
(s, s') G Trs-{f)}. If the transitions obey either (DisjJ or (Tndep^, then, for 
every U G I2(lnSys), Tr([/) is in bijection with Tr{Su) = {{f,s,s') \ (s, s') G 
Trs^{f)}, where Su is the colimit of the diagram defined by U. 

Proof: (Idea) The fact that Tr is a subsheaf of Pa x St x St follows immediately. 
A careful analysis shows that if the transitions obey either (Disj) or (Indep), 
then (i) for every U G l7(lnSys), every family of local (compatible) transitions in 
the systems Si G U can be glued to a global transition of Su, where Su is the 
colimit of the diagram defined by U; and (ii) for every Si G U, the restrictions 
of a transition in Su to Si is a transition in Si. The fact that the stalk at Si is 
in bijection with Tr{Si) can be proved as in Theorem|21 □ 

We now define the behavior in time of a complex system. Our ideas are influ- 
enced by those in where objects are modeled by functors F : T°p — >■ Set, 

where T is a “base for observation”, and behavior is described componentwise. 
Here, we propose a slightly different way of modeling behavior. In what follows, 
time is assumed to be discrete, and all actions take a constant, unit amount of 
time. We will assume that T is the basis for the topology on N consisting of N 
together with all sets {0,1, . . . ,n},n G N. The behavior in the interval T G T 
of a complex system is modeled by all successions of pairs (state, action) of the 
component subsystems that can be observed during T. We show that behavior 
over an arbitrary but fixed time interval T, can be modeled by a sheaf. It may 
be interesting to combine sheaf conditions with respect to time and with respect 
to the structure of a system; this is planned for future work. 
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Definition 8 (Behavior). Let T G T be arbitrary but fixed. The behavior in 
the time interval T is modeled by : L2(lnSys)°^ -G Set defined for every 
U € I2(lnSys) by Bt{U) = {h : T ^ St(C/) x Pa(C/) | K{h,T)} and for every 

U\ C U 2 by BT(t) : B>t{U 2 ) — t Bt{U\), where for every h G Bt(U 2 ), BT(i)(h) = 

(St(t) X Pa(r)) oh : T A St(t/ 2 ) x Pa(t/ 2 ) St(C/i) x Pa(C7i). Here 

K{h,T) expresses the fact that for every n, if n,n + 1 G T and h(n) = (s,f), 
h{n + 1) = (s', /') then (/, s, s') G Tr(U). 

Let Bt(S) = {/i : T — >• St(S) xPa(S) \ Ks(h,T)}, where Ks(h,T) expresses 
the fact that for every n, if n, n + 1 G T and h(n) = (s, /), h(n + 1) = (s' , f') 
then (s,s') G Trs(f). 

Theorem 4. For any T G T, Bt '■ l7(lnSys)°*’ — ?> Set is a sheaf. For every 
Si G InSys, the stalk at Si is in bijection with BT(Si). If the transitions obey 
either (Disjj or (Indep^, then, for every U G InSys), Bt(B) is in bijection 
with Bt(Su), where Sjj is the colimit of the diagram defined by U. 

Proof: (Idea) The fact that Bt is a sheaf follows from the definition of Bt and 
the fact that St, Pa, and Tr are sheaves. The existence of a bijection between 
Bt(U) and Bt(Su) follows from results used in Theorems 0 and 0 when proving 
that F(Sjj) is in bijection with f(U) for F G {St, Pa,Tr}. □ 

In order to reason about the evolution of systems in time, it may be useful 
to express time internally in the category Sh (InSys). 

Definition 9 (Time). Time is modeled by the sheafification of the constant 
presheaf N : l7(lnSys)°^ — Set (defined for every U by M(U) = Nj, which by 
abuse of notation we denote N as weZZQ 

We can also define functors B^V and B^^x which only encode information about 
states (resp. actions). Various other sheaves and natural transformations can be 
defined by using standard categorical constructions in Sh(lnSys). We can e.g. 
define a natural transformation Bpj x N A St x Pa whose components Bn({7) x 
N(U) A St(U) X Pa(C7) are defined by au(h,(m)si(^u) = ((sl)Si&u,(ft)Si(^u), 
for every U G I2(lnSys), where for every Si G U, h(m) = ((s])sjau,(fj)Siau)- 

Theorem 5. For every Si G InSys, Stall< 5 ^(a) is (up to isomorphism) the map 
BT(Si) X N A St(Si) X Pa(Si), defined by asi(h,n) = h(n). 

Proof: (Sketch) Follows immediately from the way the stalk functors are defined 
on morphisms, and from the fact that, by Theorems 0 and 0 Fg^ ~ F(fSi) ~ 
F(Si) for F G {St, Pa, B^}, and from the fact that Ng. ~ N(4,S'i) ~ N. □ 

An alternative way to describe behavior is by traces of execution. We obtained 
results which extend those given in HEHBI, and which give a sheaf-theoretic 
formalization to results of Diekert Due to space limitations we cannot 

present these results here; for details cf. iHHnii. 

^ It is denoted (Af~^)'^ in LVLLM921 . p. 130; it can be shown that for every U G I7(lnSys), 
(Af^)'^ (U) = (i : 1/ — >■ N I i locally constant}. N = (A/”’^)’*' is the natural number 
object in Sh(lnSys); maps 1 A N A N and a subobject <C N x N can be defined. 
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4.1 Using Geometric Logic to Express Properties of Systems 

Let £ be a fixed many-sorted language including at least sorts like st(ate), 
pa(rallel-action), b(ehavior), t(ime); constants like Sq • st (initial state), 0 : t (in- 
itial moment of time); function symbols like appi : bxt — )> stx pa, pi : stx pa — ^ st, 
P 2 : St X pa — > pa; relation symbols like tr(ansition) C pa x st x st, =x^ X x X 
for every sort X, etc. Let M be an interpretation of C in Sh(lnSys) such that 
st'^ = St, pa-^ = Pa, = Bpj, t = N, appl'^ = a, pi^^ = tti, P 2 ^ = t ^2 (the ca- 
nonical projections), tr^ = Tr. For every sort X, we interpret =x: X x X ^ Q 
as usual. 

Stalk functors. For every Si S InSys let fi : {*} — > InSys be defined by /i(*) = 
Si- The inverse image functor corresponding to /,, the stalk functor Stalks^ = 
/* : Sh(lnSys) — >■ Set, associates to every sheaf F G Sh(lnSys) the stalk at Si, 
Fsi- For all Si G InSys, /* preserves the validity of geometric axioms. The stalk 
functors /* : Sh( InSys) — ^ Set are collectively faithful, so they reflect the validity 
of geometric axioms. 

Global section functor. Consider the unique map g : InSys —>►{*}. The corre- 
sponding direct image functor, g, : Sh(lnSys) — )> Set, is the global section functor 
g*{F) = F(lnSys) for every F G Sh(lnSys). Thus, the global section functor pre- 
serves the interpretation of every cartesian axiom. 

Theorem 6. Sh (InSys) satisfies a geometric axiom in the interpretation M if 
and only if Set satisfies it in all interpretations f*{M). // Sh(lnSys) satisfies 
a cartesian axiom, this is also true in Set in the interpretation g,^(M) (f*{M) 
and g*{M) interpret a sort X as f*{X^) resp. gt{X^)). 

From Theorems 12111 and 0 we know that for every Si G InSys, /*(St) = Sts^ ~ 
St{Si) and ff{Pa) = Pas- ~ Pa{Si)] if S is the system obtained by interconnec- 
ting all elements in InSys, 5 *(St) = St(lnSys) ~ St{S), and ( 7 *(Pa) = Pa(lnSys) ~ 
Pa{S). The same holds for Tr and B^. Moreover, /*(N) = N, g*(N) = N(lnSys), 
and, by Theorem El /i*(appO = as, : Bn{Si) x N — ?> St{Si) x Pa{Si). Hence, 
statements about states, actions and transitions in Sh(lnSys) are translated by 
/* (resp. 5 *) to corresponding statements about states, actions and transitions 
in Si (resp. S). 

We illustrate the ideas above by several examples. We consider classes of 
properties of systems (adapted from |Kro87) i and express them in the language 
C. For instance, if /i is a possible behavior and j a moment of time, then h{j) can 
be expressed in £ by appl(/i, j); the state of h at j can be expressed by s{h,j), 
where s = pi o appI : b x t "1^' st x pa LV st. 

(a) Safety properties are of the form (V/i : b)(Vj : t)(P(s(/i, 0)) Q(s{h, j))), 
where P and Q are formulae in £. As examples we mention: partial cor- 
rectness: Nh : b)(Vj : t)\(P(s(h,0)) A Final(s(/i, ?'))) Q(s(h,j))]; global 

invariance ofQ: (V/i : b)(Vj : t) [P(s(/i, 0)) ^ Q{s{h,j))]. 
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(b) Liveness properties have the form (V/i : b)[P(s(h,0)) (3j : t)(5(s(h, _j))]. 

With So denoting the initial and s/ a final state, examples are: total cor- 
rectness and termination: (V/i : b)[P(s(/i, 0)) => (3j : t)(Final(s(/i,j)) A 
Q{s{h, j)))\] accessibility: (Vh : b)[(s(h, 0) = sq) ^ {3j : t){s{h,j) = s/)]. 

(c) Precedence properties are of the form (V/i : b)(Vj : t)[(P(s(h, 0)) A 
^(s(/i,j))) ^ Q{s{h,j))]. 

Theorem 7. Assume that the following conditions are fulfilled: 

(1) The final states form a subsheaf St f C St interpreting a sort stf of C. (This 
happens e.g. if in the definition of a system final states are specified by ad- 
ditional constraints, and in defining colimits this information is also used.) 

(2) The properties P,Q,A can be expressed in C (using the sorts, constants, 
function and relation symbols mentioned at the beginning of Section 

and can be interpreted in both Sh(lnSys) and Set (to express, for every St in 
InSys, the corresponding property of Si, or S). 

Then, all formulae considered above (safety, liveness and precedence properties) 
are preserved under inverse image functors if in the definitions of the property 
P (c.q. Q,A) only conjunction, disjunction and existential quantification occur. 
They are additionally preserved by direct image functors if only conjunction and 
unique existential quantification occur. 

Proof: (Sketch) Assume that (1) holds, and stf is a subsort of st. Let i : stf — >■ st 
be the inclusion. Then Final(s) is expressed in C by (3s' : stf)(i(s') = s), and if 
s' exists, it is unique. If (1) and (2) hold, the formulae above can be expressed 
in the language C. Therefore, the conclusion follows, since all given formulae are 
geometric if P, Q, A are (resp. cartesian if P, Q, A are, and only unique existential 
quantification occurs). □ 

Examples. 

1. Let (/>! = (Vs, s', s" : st)(Va : pa)[(tr(a, s, s') A tr(a, s, s")) s' = s"] express 
determinism. Since (fi is a cartesian axiom, if all systems in InSys satisfy 4>i, 
then (fi is true (internally) in Sh (InSys). Moreover, it follows that (ji is true 
in the system obtained by interconnecting the systems in InSys. 

2. Let (j )2 = (Vh : b)(Va : pa)(Vi : t)[(3s : st)(tr(a, pi(appl(/i, i)), s)) => (3j : 
t)(i > * A p 2 (appl(h, j)) = a)] express fairness of execution. Since (j )2 is a 
geometric axiom, it is preserved and reflected by the stalk functors. Since an 
existential quantifier occurs, 4>2 may not be preserved by the global section 
functor. If (j )2 is part of a cartesian theory T (i.e. the existence of s and j is 
T-provably unique), then its validity (as part of T) is preserved by g». The 
validity of (j >2 is also preserved by 5 * if all systems in InSys are independent, 
i.e. Si f\ Sj =% if Si ^ Sj (If InSys is finite, (lnSys\0, J7(lnSys\0)) is then a 
Stone space, cf. also Remark^. 

3. Let (j )3 = (Vs : st)(3a : pa)(3s' : st)(tr(a, s, s') A (s s')) express deadlock 
freedom. Since ((3 contains the negation sign, it is not geometric and may 
not be preserved by direct and inverse geometric morphisms; in particular 
neither by the global section nor by the stalk functors. 
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Remark 1. The empty system 0 can be excluded from consideration, as follows. 
Let l7i(lnSys) be the family of all subsets of lnSys\0 closed under t.c. subsy- 
stems. (If no element in InSys is the colimit of other elements in InSys, then 
l7i(lnSys) is the free frame freely generated by InSys together with the constraint 
that the empty family of systems covers the empty system.) All the considera- 
tions above remain valid when f?(lnSys) is replaced by J7i(lnSys). The space 
(lnSys\0, 17i( InSys)) is totally disconnected if for every S'i,S '2 G InSys, their lar- 
gest common t.c. subsystem S'! AS '2 is empty; the space is compact if additionally 
InSys is finite. In this situation a larger class of axioms is preserved by the global 
section functor (uniqueness in existential quantification is not required, cf. e.g. 
[LTohS2j . Ch. V.1.12). Then, the definition of time as a sheaf N expresses the fact 
that independent systems may have independent clocks. 



5 Conclusion 

We showed that a family InSys of interacting systems closed under pullbacks 
can be endowed with a topology which models the way these systems interact. 
States, parallel actions, transitions, and behavior can be described as sheaves on 
this topological space. We then used geometric logic to determine which kind of 
properties of systems in InSys are preserved when interconnecting these systems. 
Our results are influenced by the results of Goguen in , where a sheaf- 

theoretic framework for modeling concurrent interaction is presented. There, 
objects are taken to be sheaves, and then the behavior of systems (diagrams 
in the framework) corresponds to constructing a limit, while interconnecting 
systems amounts to taking colimits. At the end, Goguen suggests to look at the 
more elaborate framework of topos theory and see what kind of reasoning can 
be achieved using the internal logic of a topos of sheaves. This is the direction 
we have explored in this paper. The main advantage of our approach is that it 
opens the possibility to verify properties of complex systems in a modular way. 

In recent papers on model checking, decomposition of systems was used to 
avoid the state explosion problem. We refer for instance to K !GL0bl . where 
systems are modeled by finite Kripke structures. In that context, it is shown 
that formulae in universal computation tree logics (ACTL*) can be checked in 
a modular way; for this (i) certain fairness assumptions are made; and (ii) it 
may be necessary to make additional assumptions about the environment when 
verifying properties of individual components. Both in formulae in ACTL* and 
in geometric and cartesian formulae, as defined in this paper, restrictions are 
imposed in the use of existential quantification and negation. We would like 
to gain a better understanding about the possible links between the results 
presented in this paper and the methods from model checking mentioned above. 

We plan to continue our research in several directions. First, we can consider 
categories with more special morphisms (e.g. conservative extensions, definitio- 
nal extensions). Second, we can consider more general morphisms expressing 
“translations” between languages of different systems. For this, the theory of 
institutions may be a suitable theoretical framework. Third, since we showed 
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that transitions define subsheaves Tr C Pa x St x St, we can associate a “generic 
transition system” to a given category of systems, where both states and actions 
are sheaves. The results of Adamek and Trnkova on defining automata in 

a category could then be applied to the concrete category Sh(lnSys); this would 
allow us to carry over general constructions like minimal realization. 
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Abstract. In this paper we introduce a new acceptance concept for 
nondeterministic Turing machines with output device which allows a 
characterization of the complexity class as a polynomial 

time bounded class. Thereby the internal structure of the output is es- 
sential: it looks at output with maximal number of mind changes instead 
of output with maximal value which was realized for the first time by 
Krentel Kre 88|. 

Motivated by this characterization we define in a general way two opera- 
tors, the so called maxGh- and minGh- operator, respectively which are 
special types of optimization operators. 

Following a paper by Hempel/Wechsung IHWDtil we investigate the beha- 
viour of these operators on the polynomial hierarchy. We prove a collec- 
tion of relations regarding the interaction of operators maxGh, minGh, 
$, 3, V, ©, Sig, C and U. So we get a tool to show that the maxCh- and 
minGh- classes are distinct under reasonable structural assumptions. 
Finally, our proof techniques allow to solve one of the open questions of 
Hempel/Wechsung. 



1 Introduction 

Abstract operators play a central role in structural complexity. There are various 
attempts to relate complexity classes and function classes by defining operators 
which map complexity classes to function classes and vice versa. A starting point 
of this area is given by Toda p^odDl] with the ^-operator which captures the 
essence of counting. E.g., this operator allows a characterization of the function 
class span-P introduced by Kobler/Schoning/Toran |KST89| as # • NP. 

Another central point of interest in complexity theory is the complexity 
of maximization (minimization) problems. Krentel investigated in pCre88| op- 
timization problems, e.g. TSP and maxClique. In terms of the function class 
OptP = min-P U max-P he described a classification of such problems: thereby 
a function / belongs to max-P, if there is a nondeterministic polynomial time 
bounded Turing machine with output device such that for any input x the ma- 
ximum output of M for any accepting path (3 of M{x) equals /(x). Krentel has 

G. Ciobanu and G. Paun (Eds.): FCT’99, LNCS 1684, pp. 524-^^£] 1999. 

(c) Springer- Verlag Berlin Heidelberg 1999 
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proved that, e.g. TSP (as function problem) where the length of a optimal tour 
equals the value of the function is complete in OptP by metric reduction. 

Furthermore he has shown that any function of FP^^ can be described as 
an OptP-problem followed by a deterministic polynomial time computation. 

As a consequence it stated a characterization of the complexity class 
A 2 = P^^ by the so called MAX-acceptance concept: 

Given a nondeterministic polynomial time bounded Turing machine with 
output device M and an input x then M accepts x in the sense of MAX iff any 
computation path with (quasilexicographically) maximum output accepts x. 

Inspired by Krentels result and the abstract operator technique Hem- 
pel/Wechsung defined as optimization operators the max- and min- operator, 
respectively which allow an application of the MAX-acceptance concept to other 
complexity classes, e.g. P and coNP. Krentels result stated in terms of max/min- 
operators yield the following identities: 

A 2 = © • min -P and A 2 = © • max -P. 

In [HW96] was proved a number of powerful relations regarding the interac- 
tion of the operators max and min with formerly used operators as U, ©, 3 and 
V. In this way they proved an evidence for a strict hierarchy of the corresponding 
max and min function classes. 

The complexity class 6>2 = was established by Wagner in |Wag90| 

as a constitutional part of the polynomial hierarchy, e.g. there is proven that 

= PNP. 

This paper is organized as follows: 

We start with a further qualitative characterization of by a special acceptance 
concept: 

Let M be a nondeterministic polynomial bounded Turing machine with out- 
put device and let x be an input. M accepts x in the sense of MAX-CH iff at any 
computation path P oi M on x with maximal number of mind chances of the 
output X is accepted. For w € {0, 1}* ch(w) denotes the number of mind-changes 
in w. It holds ch(0) = ch(l) = ch(OO) = ch(ll) = 0,ch(10) = ch(Ol) = 1 and e.g. 
ch(lOOlO) = 3, ch(lOlOl) = 4. 

This concept means that the internal structure of the output is essential. It 
allows a characterization of 0 ? as a polynomial time bounded complexity class: 
0P = MAX-CH-P. 

In section 3 we give the formal definitions of the operators maxCh and minCh 
(and $) respectively which are caused by the MAX-CH acceptance type. We point 
out the identities 0| = © • maxCh • P and 0f = © • minCh • P. 

In section 4 we follow the way of Hempel/Wechsung to prove a number of 
relations regarding the interaction of our new operators maxCh and minCh and 
the known operators 3, V, ©, Sig, U and C. Thus we are able to investigate the 
hierarchy of maxCh- and minCh- function classes and get structural evidence 
that the corresponding classes are distinct (or we have collapses in the polynomial 
hierarchy) . 

In the last section we refer an open question from Hempel/Wechsung. Our 
proof techniques established in section 4 allow an answer to this question. 
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We adopt the notations commonly used in structural complexity. For details 
we refer the reader to a standard book, e.g. 

2 A Machine Based Characterization of A .2 and 02 

Throughout this work our basic machine model is the nondeterministic 
polynomial-time bounded Turing machine with output device (NPTM). Every 
computation path writes an output over {0, 1}* and accepts or rejects. The ou- 
tput of such a TM M on a path /3 on input x is denoted by /3). 

A machine M is said to be normalized if every paths /3i and /?2 with 
ch(outM(a;, /?i)) = ch(outjvf(a^, /32)) have the same acception behaviour. 
Subsequently we consider only normalized machines. 

As usual we have = P^^-i (i > 1) - the class of sets decidable by 
a deterministic polynomial-time oracle-machine (DPOM) with an oracle from 
Af_i and = p^?-i['°s] _ where the number of queries is bounded by O(logn). 

In this section we present a characterization of 02 by the MAX-CH accep- 
tance concept, i.e. we prove = MAX-CH-P, where MAX-CH-P is the 

class of all sets decidable in the sense of MAX-CH by polynomial time bounded 
machines. 

As mentioned above Krentel has proved 
Theorem 1. = MAXP. 

Following the idea of Krentel we show 
Theorem 2 . 0^ = MAX-CH-P. 

Proof. ”C” 

Let A G pNP[i°g]^ and let M a DPOM and C G NP, such that A = L 
where M is asking w.l.o.g. exactly z{n) = 0(log(n)) queries to the oracle on 
inputs of length n. 

Since C G NP there exist D G P and p G Pol such that for all x € S* 

x&c^^ V 

v,\v\<p{\A) 

We construct a NPTM N as follows: 

On input x N computes -z(|a;|) and guesses nondeterministically 
G {0,ir(l"D. 

After that on each path j3 the following steps are carried out: 

1. N constructs the oracle queries qi, . ■ . ,qz(\x\) simulating M^^\x) substitu- 
ting 6i, . . . , &z(|a;|) for the answers to M’s queries. 

2. For each qi such that bi = 1 N guesses nondeterministically a pi with 

\yi\ <p(lftl)- 

If not for all these pi (qi,yi) G D (Z? G P), then N outputs the word 0 and 
rejects on /3. 

Otherwise N continues at 3. 
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3. N outputs a word w = 0101 . . . 0(1) on /3, where ch(i(;) — 1 equals the natural 
number whose binary representation forms the string bi . . . bz(\x\)- 

(Since z{n) = O(logn) this is possible in polynomial-time.) 

4. N accepts if and only if the computation simulated in 1. was accepting. 

Let /3max be a path reaching 3. where bi . . . &z(|x|) is lexicographically maximal 
among all paths reaching 3. For the w output on this path ch(w) is maximal 
too. 

The bi,. . . ,^z(|a:|) of such a path /3max represent the correct oracle answers 
of on input x. 

Hence accepts if and only if N{x) accepts in 4. on /3max- 

Let A gMAX-CH-P and M a NPTM such that A = LMAx-CH(Af). 

We define two auxiliary sets Hi, H 2 G NP: 

Hi =df {{x,y) : there exists a path (3 with ch (outM(a;, /?)) > y} 

H 2 =df {(a^, k) : there exists an accepting path (3 with ch (outM(a;, /?)) = k} 

For an input x G S* 

k = max{ch(outM(a;,/3)) : /3 is a path of M{x)} 

is deterministically computable with 0(log |cc|) queries to Hi. 

? 

A single further question (x,k) G H 2 suffices to determine if M{x) accepts 
on paths with the maximal change number k. □ 

3 Operators 

Using the max/min - operators in [HW96| were shown A 2 = © • max -P and 
= © • min -P. 

One aim of this paper is to get a similar operator-based, machine-independent 
characterization for Therefore we define in the next subsections the 

operators used in this paper. 

3.1 Operators Mapping Complexity Classes to Ftinction Classes 

We define for a complexity class K. function classes max-/C, min-/C, # • K, 
maxCh • /C, minCh • K. and $ • K.. 

We recall from fTodflIj and [H W9B] : 

/G#-/c^V V A /(^) = 

A^K p^Pol 

f G max-/C V V A f{x) = max : 0 < y < A {x, y) G a| 

A^K p^Pol 

(and if this set is empty let f{x) = 0) 



: 0 < 2 / < A {x, y) G a| 
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/ S min -/C V V A f{x) = min : 0 < y < A {x, y) G 

A^K p^Pol x£U* 

(and if this set is empty let f{x) = 

Our definitions motivated by the characterization of are: 

/G$./C<=^Y y /\ /(x) = ||{ch(y) : |y| <p(|x|) A (x,i/) G A}|| 

A^K pGPol xGl^* 

f G maxCh • IC-^ V V A /(a;)=max{ch(y) : |y| < p(|a;|) A (x,y) G A} 

A^K p^Pol x^U* 

(and if this set is empty let f{x) = 0) 

/ G minCh • /C <1=^ V V A /(a;)= min {ch(y) : \y\ < p{\x\) A {x, y) G A} 

A^K pGPol x^U* 

(and if this set is empty let f{x) = p(|a:|)) 

3.2 Operators Mapping Function Classes to Complexity Classes 

For every function class are \J-T, Sig-.?^, G-T und © • T defined by 
A&\] ■ T < 1 =^ ca^T 

Gl G Sig • .7^ <1=^ y f\ {x& A f{x) > 0) 

A&G-T <1=^ V V A ^ ^ Ax) > g{x)) 

/e^^geFP 

A^^.T^y A {x & A f{x) = 1 (mod 2)) 

3.3 Operator Based Characterization of 

Using the identity MAX-CH-P = prove 

Theorem 3. 02 = ® ‘ maxCh • P and 02 = © • minCh • P 
Proof. 

The obvious construction using binary search is omitted due to space restrictions. 

It suffices to show MAX-CH-PC © • maxCh • P. Let A G MAX-CH-P. 

Hence there is a NPTM M with A G Lmax-ch(AF)- Let the computation time 
of M be bounded by the polynomial p. 

We define /3max(a;) to be a path such that 

ch(outM (a;, /3max(a:))) = max {ch (outM(a;, /30) : /3^ is a path of M} 
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Let h : {0,1,#}* — >■ {0,1}* be the homomorphism defined by h(0) = 00, 
h(l) = 11 , and h(#) = 01 . 

Hence holds |/i (outM(a:, /3)#/3)| < 4p(|a;|) + 6 . 

Let a and 7 be sufficiently large such that g{n) =dj 2771 “ > 4p(n) + 6 for all 
natural numbers n. 

It follows that 



g{\x\) > |h(outM(a:,/3)#/3)| 



and hence 



5(|a;| +ch(outM(a:,/3))) > |h (outM(a;, /3)#/3) | 

> ch(h(outM(a;,/3)#/3)) ( 1 ) 



We define D to be 
D = {{x,w) : x,w G S* and 

1 . w has the form h (outM(a:, /3)#/3#) 1010 ■ ■ ■ and 

2 . The NPTM M has on input x on path /3 the output outM{x,P) and 

3 . The /X in 1 . is chosen such that 

,, . _ J (/ (|a:| + ch (outM(a;,/3))) if M rejects on /3 
c (w) { g (jxj + ch (outM(a^, /?))) + 1 if M accepts on /3 

is satisfied.} 

There is ever such a g because of ( 2 ). 



From the definition we see that for a suitable chosen polynomial s holds 
f\ {{x,w) GD — ^ |w| < s(|a;|)) . 

Since D gV, the function / defined by 

f{x) = max{ch(rc) : |w| < s(|x|) A (x, w) G D} 

is in maxCh • P. 

Because of the monotonicity of g follows 

f{x) = 1 (mod 2) iff M accepts x on /3max(a^)- 
Hence we have shown H G © • maxCh • P. 



6*2 = © • minCh • P can be shown analogously. 



□ 
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4 The Operators minCh, maxCh and $ on PH 

Now we want to investigate the hierarchy of function classes we obtain by ap- 
plying the operators minCh, maxCh and $ to the polynomial hierarchy. In the 
following we will refer to it as maxChange-hierarchy. Under the assumption of 
an infinite polynomial hierarchy we get an inclusion structure given in figure 1. 

The main difference between the maxChange-hierarchy and the hierarchy 
of min/max-classes investigated in [HW9B| lies in the characterizability of the 
$-classes by the maxCh-classes. 



4.1 The Operators Sig, C, and U on Function Classes 

To give evidence that certain inclusion relations between function classes are not 
valid we use monotone operators mapping function classes to complexity classes. 
This method was already used e.g. in |Vol94j . 

In this subsection are collected some auxiliary results regarding the operators 
Sig, C and U on minCh/maxCh - classes. The proofs are more or less straight- 
forward and are omitted here. 

Theorem 4. For every complexity class K, closed under <^, 



Sig • maxCh -K = 3-K. 

For every complexity class K closed under 

Sig • minCh • /C = co/C. 

For every complexity class K closed under <^, 

1. C • maxCh • /C = 3 • /C, 2. C • minCh • /C = V • co/C. 

For every complexity class AC closed under 

1. U • maxCh • AC = AC, 2. U • minCh • K. = coAC. 

For every i>l, 

U ■ {FO^Xoi = Sig ■ {F0!)poi = C ■ {F0P)p,i = 01 

In [HW96] the same results can be found for the operators min and max 
except of that we need stronger assumptions for the closure properties. 



4.2 General Relationships 

In order to analyse the inclusion structure of the maxChange hierarchy we state 
in the current subsection some more general results regarding operators on com- 
plexity classes having resonable closure properties. 
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The $ - Classes. 

It will turn out that $ • /C can be expressed with the help of the operators 
maxCh and 3 if /C is closed under <ctt- The essential part is done in the proof 
of the next theorem. 

Theorem 5. For every complexity class K closed under <^, 



$-/C = $-3-/C 

Proof. It suffices to show $ • 3 • /C C $ • /C. 

Let / G $ • 3 • /C. Hence 



V V A = l|■Lch(?/) : |?/| <p(|x|)A(a;,t/) gH}||. 

A^3-JC p^Pol x^U* 

Therefore exist B £ K, and polynomials p and q such that 



A /(*) 



ch(t/) : |y| < p(|a;|) A \J (a;,h(y#z)) G H 



z.hl<9(hl) 



where h : { 0 , 1 , #}* — { 0 , 1 }* is the homomorphism defined by h( 0 ) = 00 , 
h(l) = ll,h(#) = 01 . 

We define r(n) =df 2p{n) + 2q{n) + 2. 

Therefore \h{yffz)\ = 2|y| + 2\z\ + 2 < r(|a;|). 

Let a and 7 be sufficiently large such that g(n) =df 7 n“ > r(n) is satisfied 
for all natural n. 

TTptipp 

5(kl) > \h{y#z)\ 



and therefore 

Since ch(a;) < \x\ follows^, , ^ _ 

y(|x| + ch(y)) > |h(y#z)|. 

g{\x\ + ch(y)) > ch{h{y#z)). 
Now we define C to be 
C = {(a;,w) : x,w G S* and 

1 . w has the form h{yffzff) 1010 . . . and 



( 2 ) 



u 

2 . (x, h{yffz)) G B and 

3. The /i in 1. is chosen such that 



ch(h(y#z#) 1010 ..J = y(|a;| + ch(y)) 
is satisfied. } ^ 

There is ever such a ^ in 3. because of (0. 

By the definition of C follows for a suitable chosen s: 
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Since /C is closed under holds C G fC. 

Because g is one-to-one we get for all x 

f{x) = ||{ch(u>) : \w\ < s(|x|) A (x,w) e C'}|| 

Hence / G $ • /C. □ 

Now we can prove: 

Theorem 6. For all K. closed under <ctt> 

maxCh • 3 • /C = $ • /C 



Proof. ”C” 

We show maxCh • /C C $ • 3 • /C for all /C closed under . 

maxCh • /C C $ • /C and maxCh • 3 • /C C $ • /C follow then due to theorem 0 

Let / G maxCh • /C, hence there exist A € K and a polynomial p such that 

f\ f{x) = max {ch(j/) : |y| < p(|a;|) A (x, y) G A} 

We define B to be 

B = {{x, z) : X, z G E* und 

1. z = 0101...0(f) und 

Vy,|y|<p(|^|)((a^.?/) G HAch(y) > 1)} 

We conclude B g3- 1C since /C is closed under <^. 

Since for all x G S* 

/(x) = ||{ch(z) : |z| < p(|x|) A (x, z) G B}\\ , 
we have proven / G $ ■ 3 • /C. 

Let / G $ • /C. Hence there are A G 1C and a polynomial p such that 
A = \\{ch{y) : \y\ <p(|x|) A (x,y) G A}\\ 

We define H to be H = {(x, z) : x, z G E* and 

1. z = 0101 . . . 0(1) (I < p(|x|)), and 

I 

2. There exist yi,... ,yi-i satisfying yi < p(|x|) and ch{yi) ch{yj) for all 
i j, and 

3. (x, j/i) G H A • • • A (x, G A} 

We conclude B g3- K. since K, is closed under . 

We see that for all x G E* 

/(x) = max {ch( 0 ) : \z\ < p(|x|) A (x, 2 ;) G B} . 



This proves / G maxCh • 3 • /C. 



□ 
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Relationships among the minCh- and maxCh- classes. 

Theorem 7. For every complexity classes K. and C closed under 

1 . minCh • JC C minCh • C <1=^ /C C C 

2. maxCh • /C C maxCh • C <1=^ JC QC 

3. maxCh • /C C minCh • C <1=^ 3 ■ JC Q coC 

Of special interest is the third statement. Unfortunately, for the inclusion in 
the vice versa direction we don’t know a structural equivalence. We have 

Theorem 8. For every complexity classes JC und C closed under <dtt’ 

1 . minCh • /C C maxCh • C <1= 3 • /C C coC 

2. minCh • JC C maxCh • C 1C C coC A 3 • /C C V • coC 

Nevertheless, the fact that we don’t have a structural equivalence for 
minCh • 1C C maxCh • C causes no problem for our main goal to analyse the ma- 
xChange hierarchy under the assumption of an infinite polynomial hierarchy. 
Differently it will be in the case of the investigation of certain collapse-events in 
the PH. 



The {F0f)porClasses. 

We summarize here our results for the (F0f)poi-classes 

F denotes the set of all functions computable in deterministic polynomial- 
time with the help of an oracle from 

A function / from FZ\^ belongs to F0f if f{x) is computable with at most 
0(log |a;|) queries to the oracle. 

For a function class if we define JFpoi to be the subset of polynomially bounded 
functions. 

Theorem 9. For every complexity classs C closed under < 4 u and all i > 1, 

1. {F0P)poi C maxCh • C ^ C C 

2. {FOP)poi C minCh • C ^ C C 

Theorem 10. For every complexity class JC closed under and all i > 1, 



1. maxCh • JC C (F0f)poi ^ 3 ■ JC C Of 

2. maxCh • JC C {FOf^^)poi ^3-JCCSf 

3. minCh • JC C {FOf)poi ^ 3 ■ JC C Of 

4. minCh • JC C {FOf^^)poi ^3-JCCSf 
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Fig. 1. The lowest levels of the maxChange hierarchy 



4.3 Consequence for the maxChange-Hierarchy 

The statements proved in l4,'.fl imr)1v immediately 

1. The inclusions shown in figure 1 are valid. 

2. There are not any more inclusions unless the polynomial hierarchy collapses. 

4.4 Investigation of Collapse Events in the Polynomial Hierarchy 
Case P=NP. 

P=NP clearly implies that the maxChange-hierarchy collapses to FPpoi- 

Case P ^ NP, NP = coNP. 

Here remains as open question if minCh-P C maxCh-P or minCh-P ^ maxCh-P, 
because there is not known a structural equivalence for minCh • /C C maxCh • C 
inlOl 
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Due to theorem ITni 2 from NP=coNP follows maxCh • /C C (F6>2)poZ for all 
K € PH. Furthermore from theorem 0 we conclude 

NP=coNP ^ FO^ C minCh • NP n maxCh • NP. 

5 An Open Qnestion for max/min-Operators 

In [HWhHj was left open the problem to find structural equivalences for the 
inclusions 



^ • P C max -coNP and # • P C min -coNP. 

As a more general result we can state 

Theorem 11. For every K. closed under <^, intersection and complement and 
every C closed under 

# • /C C max-C ^ C= • /C C C 

# • /C C min -C ^ C= • /C C C 

As a consequence we get the relations 

# • P C max -coNP <1=^ C=P C coNP 

# • P C min -coNP <1=^ C^P C coNP 

The proof of theorem UH is available in the full version of the paper. 

(This is also true for all other proofs which are omitted here due to the lack of 
space.) 
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Abstract. We consider for a real number a the Kolmogorov comple- 
xities of its expansions with respect to different bases. In the paper it 
is shown that, for usual and self-delimiting Kolmogorov complexity, the 
complexity of the prefixes of their expansions with respect to different 
bases r and b are related in a way which depends only on the relative 
information of one base with respect to the other. 

More precisely, we show that the complexity of the length I ■ log^ b prefix 
of the base r expansion of a is the same (up to an additive constant) as 
the log^ 6-fold complexity of the length I prehx of the base 6 expansion 
of a. 

Then we use this fact to derive complexity theoretic proofs for the base 
independence of the randomness of real numbers and for some properties 
of Liouville numbers. 



Kolmogorov Complexity is mainly attributed to finite strings over a finite 
alphabet. As a function or, more coarsely, as a limit it measures the complexity 
of infinite strings. 

Real numbers are described by their (infinite) r-ary expansions. Thus, choo- 
sing the base r, we may attribute Kolmogorov complexity also to real numbers, 
however, relative to the chosen base. Consequently, it might happen that the 
Kolmogorov complexity of a real number depends on the chosen base r. 

Particular cases, where a property of a real number depends on the base r 
are disjunctiveness and Borel normality. An infinite r-ary expansion ^ of the 
real number VriO ■— is called disjunctive provided every finite r-ary string 
appears as an infix of Borel normality is defined in a similar way, taking into 
account also the relative frequencies of the infixes. For more detailed information 
see, e. g. , [( )a,94IHe9tij . It was already shown in |( Js.bhfSctTn] that Borel norma- 
lity and disjunctiveness are not invariant under changes of the base r. On the 
other hand, it was shown in IHM|, and in another context in [H W98) . that the 
property of randomness of an infinite expansion of a real number is invariant 
under base change. Besides that it was claimed in that the Kolmogorov 

complexity (as a limit) does not depend on the chosen base r. 

In this note we investigate in more detail the Kolmogorov complexities, 
Kr{C/n) of expansions ^ of a real number with respect to different bases r. 
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We show that, if a real number is expanded in the scales of r and b, respectively, 
then complexity of the length I ■ log^ b prefix of the base r expansion of is the 
same (up to an additive constant) as the log,. 6-fold complexity of the length I 
prefix of the base 6 expansion. 

This result provides a third proof of the fact that randomness is base invari- 
ant for real numbers. Next we investigate the complexity of Liouville numbers, 
a kind of real numbers famous for an elegant and constructive proof of the exi- 
stence of transcendental real numbers. Finally, utilizing our complexity theoretic 
arguments, we calculate the Hausdorff dimension of the set of Liouville numbers 
and investigate disjunctive Liouville numbers. 



1 Notation and Preliminaries 



By IN = {0, 1,2,.. .} we denote the set of natural numbers. In order to treat the 
Kolmogorov complexities for arbitrary alphabets we let := {0, . . . , r — 1} be 
our alphabet of cardinality card Xj. = r for r G IN r > 2. By X* we denote the set 
of finite strings (words) on Xr, including the empty word e. We consider also the 
space of infinite sequences (w-words) over Xj.. For w G X* and rj G X* 
let w-rj be their concatenation. This concatenation product extends in an obvious 
way to subsets W C X* and F C X* U X^ . 

By w Q t] we denote the prefix relation, that is, ic T ry if and only if there is 
an rj' such that w ■ rj' = rj. 

For r] G X* U we denote by i^riv) ■= fti® real number with (finite or 
infinite) base r expansion rj. 

We will consider the self-delimiting as well as the non self-delimiting comple- 
xity (cf. [( ;a.t)4|l ;Vt).‘-i] L To this end we fix for every r G IN a universal algorithm 
Ur : X* — >• X* and a universal self-delimiting algorithm Cr ■ X* — >• X*, the 
domain of the latter is a prefix-free subset of X*. Moreover we fix a recursive 
standard bijection between IN and X*, r-string : IN — >■ X*. For the sake of con- 
venience we agree that r-string(n) is the nth string in the quasilexicographical 
order of X*. Then |r-string(n)| = [log,.(n(r — 1) -|- 1)J <1-1- log,.max{n, 1}. 

The Kolmogorov complexity of a word w G X* is defined as Kr{w) := inf{|7r| : 
7T G X* A Ur(Tr) = w}. Accordingly, the self- delimiting Kolmogorov complexity 
of a word w G A* is Hr{w) := inf{|7r| : tt G A* A C'r(Tr) = w}. 

In order to prove our results we need the following slight modifications of 
Theorem 5.1.b.ii in and Theorem 3.5 in ra. We call a function / : 

M — >■ M' of bounded ambiguity provided there is a fc G IN such that for every m G 
M' the preimage f~^(m) has no more than k elements, and we call a function 
6 : IN — >■ IN semi- computable from above if the set Mh '■= {(n,j) : 6(n) < j} is 
recursively enumerable. 

Theorem 1. 1. Let / : IN — >■ A* be a recursive function of bounded ambiguity. 



r-Hrif(n)) 



< oo . 



2 . 



Then 

Ifg-.N^X; 

such that 

3c(c G IN A Vn(n G IN 



is recursive and h 



IN — >■ IN js semi- computable from above 



Hr{g{n)) < h{n) -I- c)) 
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Proof. 1. It is well-known that the self-delimiting complexity satisfies the ine- 
quality < oo (see |Ca94ILV93j 1 . Let card / ^(w) < k for every 

w S X*. Then 



^-Hr(f{n)) ^ card/-i(w) • ^ ’ X! < oo . 

raGiN w^X* w^X* 

2. If X^riGiN < OO then also < oo. 

n^IN j^h{n) n^IN 

Consequently, there is an m G IN such that X^nciN 'l2j>h{n) < 1. 

Let /ft : IN — >■ X* x IN be a recursive function enumerating the recursively 
enumerable set Mft := {(r-string(n), /) : j > h{n) + m}. Above we derived 
the inequality X)(r-string(ri) i)€Mh Thus, according to the Kraft-Chaitin 

Theorem (Theorem 4.17 in icini) there is a mapping C : X* — >• X* with 
prefix- free domain such that C{wnj) = r-string(n) for some word Wn,j £ X* 
with \wn,j \ =j whenever (r-string(n), /) G Mft. 

Then C \= go r-string^^ o C : X* — >■ X* is a partial recursive function with 
the same prefix-free domain as C and C'{wn,j) = g{n) for all n,j G IN. Since 
Hr(g{n)) < Hc'{g{n)) + c where Hc'{w) ;= inf{|7r| : tt G X* A C"(7t) = re}, we 
have Hr{g{n)) < h{n) + m + c. □ 

The next theorem relates the complexities and Hr to their counterparts for 
alphabets of different size cardXf, = b, Kt and H},, respectively. To this end we 
denote by (6, ^(-trans := 6-string o r-string^^ : X* — >■ X^ the standard bijection 
between r-ary and 6-ary words. 

Theorem 2. Let / : IN — >■ X^ be a recursive function of hounded ambiguity, 
and fet g : IN — >■ Xf he a recursive function. Then there is a constant c > 0 such 
that for all n gTN the following inequalities hold true 

Kr{,g{,n)) < log,, 6 • Kb{f{n)) + c and 
Hr{g{n)) < log,. 6 • Hb{f{n)) + c . 




Proof. Let card f~^{w) < k for all w G X^. We define a function (f : Xf — >• Xf 
in the following way: 

If |7 t| < k let 4>{Tr) := e (the empty word). Otherwise split the input tt G Xf 
in two parts tti • tt 2 such that |7 Ti| = k. 

Set 771 := (|r-string^^(7Ti)| (mod k)) G {1, . . . , k}. 

Then translate 7T2 via the standard bijection (6, r)-trans : Xf — >■ X^ into a 
program a := (6, r)-trans(7T2) G X^. Compute Ub{o) for a universal computer 
w.r.t. X^. If Ub{<j) is defined then take from the set {i : f{i) = f7ft((r)} the m-th 
element, n (say), and compute g{n). 

Thus, if /(n) = Ub{<j) then card /~^(/(n)) < k and there is a prefix tti such 
that we have dijr) = gin) for tt := tti • (r, 6)-trans(cr)l3 Finally observe that 
K^{g{n)) < |7t| < fc -f Hcrl • log,, 6] . 

In the case of self-delimiting complexity, the assertion follows from the pre- 
vious theorem, because X^kgin < oo . □ 



^ Observe that (r, 6)-trans = (6, r)-trans 
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2 Base Independence 

In this section we consider expansions of real numbers with respect to different 
bases. It is well known that the mappings converting real numbers from scale r 
to scale b are not continuous functions mapping the r-ary expansion ^ of a 

real number a S [0, 1] to a &-ary expansion S X'^ of the same number. For 
instance, in the case r = 3 and 6 = 2 for a = that is, ^ = 111 ... S {0, 1, 2}“ 

we do not know the first bit of the w-word S {0, 1}‘^ until we know the 
whole infinite w-word For a more detailed account see fWe92j . 

Despite this fact, we can show that the Kolmogorov complexities of the ex- 
pansions of the same real number a do not differ too much. To this end we denote 
by Kr{^/1) (Hr{^/1)) the (self-delimiting) Kolmogorov complexity of the prefix 
of length I of the w-word ^ that is, Kr{^/1) '■= Kr{w) := Hr{w)) 

where w C ^ and |r<;| = 1. 

The aim of this section is to prove the following theorem. 

Theorem 3. Let a £ [0, 1] be a real number, and let ^ and (3 £ X'^ be its 

base r and base b expansions, respectively. 

Then there is a constant c such that for every I £ IN the following equations 
hold true: 



\Kr{f/[l ■ log,. b\) - log^ b ■ Kb{P/l)\ < c , and 
\Hr.{£,/[l ■log,.b\) - log,, b ■ Hb{P/l)\ < c . 

In order to prove Theorem O it suffices to show the inequalities 

Kr{f/[l ■ log,, b\) < log, 6- KbiP/l) + C , and (1) 

Hr {£./[1 ■ log, b\ ) < log, b ■ HbiP/l) + c . (2) 

To this end we derive the following facts establishing some connections bet- 
ween the prefixes of an r-ary expansion and a 6-ary expansion of the same real 
number. 

Fact 1 . Let 0 < oi < 02 < 1 for some real numbers 01,02 £ IR and let r £ 

IN, r > 2. Then there is at least one o £ IN such that the interval [ 01 , 02 ] is 

contained in the interval where m := [log, • 

This fact is illustrated in the following picture. 



fli 02 

[ ^ ^ ] 

0 a— 1 a g+1 -i 

j%Tn rpTn j,7Ti X 

Remark. Observe that for 02 — oi < r“™ it is not always possible to cover the 
interval [ 01 , 02 ] by a single r-ary interval [fk, ^^] . Fact ^shows that, however, 
it is possible to cover [ 01 , 02 ] by two adjacent r-ary intervals. 
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We note still that for 0 < a < r™ every real a € ^1^] has an r-ary 

expansion which starts with the same prefix w(a, m) of length m, that is, has an 
expansion between w{a, m) ■ and w(a, m) ■ {r — 1)*^. Here w{a, m) is obtained 
by writing the integer a G IN in r-ary notation and filling with leading zeros up 
to the length m provided a < 

The following fact summarizes our considerations about the containment of 
real intervals in r-ary intervals. To this end let CoVj.(oi, 02 ; a) denote the above 
illustrated fact that [ 01 , 02 ] C where m := [log^. 

Fact 2. The relation 



Rr := {(oi, 02 , o) : oi, 02 G Q n [0, 1] A o G IN A CoVj.(oi, 02 ; o)} 



is recursive and contains for every pair Oi, 02 G Q fl [0, 1] such that a\ < 02 at 
least one triple (oi, 02 , o) where o G IN. 



by 



As a consequence of Fact El we obtain that the functions hr, r > 2 defined 



hr : 

^r(0l,02) = 



(Q n [0, 1])^ — >■ IN where 
J /io(o G IN A CoVr(oi, 02 ; o)), 
10 . 



if Oi < 02 
otherwise 



(3) 



are computable and satisfy the following properties. 

Property 1. Let 0 < Oi < 02 < 1 and m := [log,, Then 



/ir ( 01 , 02 ) < r™ and 

\hr{ai,a2)-l hr{ai,a2) + l 

[Ol,02[ C 



(4) 

(5) 



Proof of Theorem 1^ Let v = /3(1) ... /?(/), that is, |r| = 1. Then 0 < 
According to Fact ^ and Property Q] the numbers 



a{v) := hr yvb{v) , i^b{v) + b j and 
m{v) := [log,, foblj 



satisfy i^biP) G • Thus there is an r-ary expansion of Vb{P) star- 

ting with w{a{v) — l,m{v)) or with w{a{v),m{v)). 

Summarizing the preceding discussion, we obtained recursive functions /i_ , h^ 

— >■ A* such that h-{v) := w{a{v) — l,m{v)) and h+{v) := w{a{v),m{v)) 



6 



^ The choice between the two functions h - , h+ provides the missing information 
which prevented us, in the general case, from a continuous conversion between 6-ary 
and r-ary expansions of real numbers. Observe, that the information we need to 
accomplish the choice between w{a{v) — 1, m(v)) and w(a(v), m(v)) is only one bit. 
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The proof is now finished by applying Theorem |2| in the following way: 

,9 



= 6-string(n) , 



w{a{v),m{v)) 2n I f 

w{a{v) — 1, m{v)) 2n + 1 J 
that is, we associate with every word v G two natural numbers 2n, 2n+ 1 via 
/(2n) := /(2n+ 1) := 6-string(n) , 



and, on the other hand, the function g maps the natural numbers 2n and 2n+ 1 
to the words w{a{v) — l,m{v)) € X* and w{a{v),m{v)) G X*, respectively: 

g{2n) := h_(6-string(n)) and 
g{2n + 1) := h+(6-string(n)) . 

It is obvious that / is of bounded ambiguity, so Eqs. m and (0 follow from 
Theorem El Q 



3 The Complexity of Real Numbers 

In this section we consider the Kolmogorov complexity of real numbers with 
certain properties: the first class is the mentioned in the introduction class of 
random real numbers, and the second is the class of Liouville numbers, well- 
known as constructive examples of transcendental numbers. 

To this end we introduce the lower and upper limit of the relative complexity 
of an w-word ^ G X* . 



■= liminf and At(e) := limsup (6) 

n^oo n n^co U 

Since \Hr{^/n) — Kr{^/n)\ < o(n) it is of no importance whether we use the 
usual or self-delimiting complexity. 

From Theorem 0 above we conclude that for a real number a G [0, 1] we can 
define its lower and upper limit of complexity in the same way as in Eq. 0 : 
!5i{vr{C)) '■= k( 0 and ■= • 



3.1 Random Reals 



It was widely believed that the notion of randomness of a real number a is 
independent of the base of the expansion in which a is represented. Sound proofs 
of this fact were given only recently by different means |C.Tfl4IHW98j . Here we 
give a third proof relying on the following definition of random sequences by 
self-delimiting Kolmogorov complexity (cf. j( "a.filK T87lbVfi^ V 
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Definition 1. An uj-word ^ G X!^ is called random provided 

lim Hr{^/1) — I = oo . 

1—^00 

Now from Theorem 0 the proof of the independence result is immediate. 

Lemma 1. Let a G [0, 1] be a real number which is random in the scale of r. 
Then for every 6 S IN, b>2 the w-word (3 G with = a is random. 

3.2 The Kolmogorov Complexity of Liouville Numbers 

The real numbers we deal with in this section are named after Liouville who 
invented them to demonstrate the existence of transcendental numbers. They 
are characterized by the fact that they have, although in a nonconstructive way, 
very tight rational approximations. 

Definition 2. A real number a G IR is ealled a Liouville number provided 

1. a is irrational. 

2. 'in(n G IN — >• 3p, (j(p, gGlNAg>lA|a— ||< ^)) . 

It should be noted that every Liouville number is transcendental (see IDSiq)EI 
We obtain our first result. 

Lemma 2. If a G [0, 1] is a Liouville number then k{ck) = 0. 

Proof. We show that for the binary expansion rj G {0, 1}‘^ of a for every n G IN 
there is an Z > n such that 

K2{y/l) ^ log2n 

I ~ n 

Let |o — || < where 0 < p < q. We use the function Z12 defined in Eq. Q. 
Since a G {- R,2 + -L),we obtain for a := h^i- — the restriction 

\q ^ q ' J ^ q q^ ^ q ' q^ i 

a < r"^ where m := log2 = n- log2 q — 3. As in the discussion following Fact E 
we define words w{a — 1, m) and w{a, m) of length m = \n ■ log2 gj — 1, one of 
them being a prefix of 77. 

Both words w{a — 1, m) and w{a, m) can be specified by the numbers n,p, q. 
Utilizing a prefix-free binary encoding code : IN — >■ {0, 1}* of the natural num- 
bers, where |code(n)| < 2 • log2 n for n > 4, we obtain programs of the form 

T^n,p,q{i) '■= i ■ code{n) ■ code{p) ■ code{q), i G {0, 1} , 

and a computable function ip : {0, 1}* — >■ {0, 1}* such that 

V'(7^n,p.g(0)) = - 1 , to) and = w{a, to) . 

® Moreover, since n > l-(log^k + l) and \a-^\ < X imply |(a+^)_(2 + ^)| < 
the sum of a Liouville number and a rational number is again a Liouville number, 
whereas, as we shall see below, every real is the sum of at most two Liouville numbers. 
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Consequently, KT^(z(;(a— 1, to)), iC^(zi;(a, m)) < l + 21og2 n + 21og2P + 21og2 g < 
1 + 21 og 2 n + 41og2 g, and hence K 2 {w{a — 1, m)), K 2 {w{a, to)) < c + 21 og 2 n + 
41og2 q for all triples (n,p, q) such that |o; — || < ^ and n, g > 4. Now, observe 
that in view of Definition |3 the values of the denominator g grow with the value 
of the exponent of precision n. Thus 

KT2(??/Ln ■log2g- IJ) ^ log2 n 
[n ■ log 2 g - IJ “ n 

if n (and hence g) is large enough. □ 

In connection with Definition ^ we obtain the following. 

Corollary 1. No Liouville number is a random real. 

Though Liouville numbers are not random, we show that the upper limit of com- 
plexity reaches its maximum value k(o) = 1 also for certain Liouville numbers 
a. We consider the following set constructed similar to the one in Example 3.18 

of ISinBI- 

Example 1. Define 



F := W 



JJ- J^2i.(2i)! , q(2*-K)-(2*+1)! 



ielN 



It is interesting to note that the set of finite prefixes of F, A(F) := {w : w G 
X* A G F Aw ^)}, is recursive. 

If we consider tu- words /3 = where ItCil = 2z-(2i)! and 

Kr{wi) > |wi| — c for some c G IN then Daley ’s jP^ diagonalization argument 
shows k(/ 3) = 1. Since the set {w : w G X* A Kr{w) > |w| — 2} contains at least 
two elements, F contains uncountably many w-words (3 having k(/3) = 1. 

The following consideration verifies that the set of numbers {vr{C) ■ C ^ ^}\Q 
consists entirely of Liouville numbers: 

Let ^ G E, n G IN and consider the prefix w \Z ^ of length (2n-|-l)! = l+X)i=o *‘*-- 
Then w ■ o(2"-+i)'(2"+i)! whence Vr{i) < Vr{w) + ,.( 2 n+ 2 )i-i > ^^nd Vr{w) = 

for some p G IN. Consequently, 0 < vJ^) — vJw) = I'riO < 

rpyZTL-\- i j . 

, ■ Thus, either VriO i® rational or a Liouville number. □ 



Remark. In the same way one proves that F' := {Oj-nigisi (2*+i). 

contains only rational or Liouville numbers. It is readily seen that every number 
a = r'r(C) C [Oj 1] can be represented as the sum Vr{0 = ^r{C) + where 

^ G F and G F' are the letter-by-letter projections of C onto F or F' , respec- 
tively. The numbers Vr{C) 3'Cid in the above sum are rational or Liouville 

numbers, thus according to Footnote El r'r(C) i® n Liouville number or the sum 
of two Liouville numbers. □ 



In the subsequent parts, we use the results obtained so far to give a complexity- 
theoretic proof of Theorem 2.4 in |()x71j and to prove the existence of disjunctive 
Liouville numbers. 
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3.3 The Hausdorff Dimension of Liouville Numbers 

First we consider the Hausdorff dimension of the set of Liouville numbers, L C 
[0, 1]. It was mentioned in |MS94) that the Hausdorff dimension of a subset 
M C [0, 1] coincides with the one of ^ A r'r(C) € M}. The latter can 

be defined as follows. 

Definition 3. The Hausdorff dimension of a set F C dim F, is the smallest 
real number a > 0 such that for all 7 > a it holds 

\/e{e > 0 ^ 3W{W C X* A F C W ■ A ^ < e)) . 

w^W 

From the definition it is evident that Hausdorff Dimension is monotone with 
respect to set inclusion and that dim{^} = 0. We mention still that Hausdorff 
Dimension is also countably stable. 

dim M Fi = sup dim Fi (7) 

zGIN 

Thus every countable subset F C has dimF = 0. For further properties of 

the Hausdorff dimension see, e.g., |F^ . 

We are going to give a complexity-theoretic proof of the fact (cf. 
Theorem 2.4]) that the set of Liouville numbers L is an uncountable set of 
Hausdorff dimension dimL = 0. 

In the papers close connections between Hausdorff dimen- 

sion and Kolmogorov complexity are derived. We need here the following one 
(see Theorem 2 ] or |St931 Corollary 3.14]). 

Lemma 3. For every F C the following bound is true. 

dimF < sup{k(^) : f G F} 

Now Lemmas El and 0 yield the announced result. 

Corollary 2. The set of Liouville numbers L C [0, 1] has Hausdorff dimension 
dimL = 0. 



3.4 Disjunctive Liouville Numbers 

In this last part we turn to disjunctive w-words. As it was mentioned above, an 
oj-word ^ £ Xf is called disjunctive provided every word w £ A* appears as an 
infix of that is, 'iw{w £ A* — >• 3v{v \Z f Av ■ w \Z f). 

Proposition 8 of j.TT88j proves that for every r > 2 there are uncountably 
many disjunctive f £ Xf such that Vrif,) is a Liouville number. The paper jH^ 
presents examples of Liouville numbers whose expansions are disjunctive with 
respect to one base, but not to with respect to all bases (e.g. which 

is not disjunctive in the scale of r). We prove the existence of Liouville numbers 
disjunctive with respect to all bases. 
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Lemma 4. There are uncountably many Liouville numbers a such that for every 
r G IN, r > 2 the to-word f G Xf with Vr{£.) = a is disjunctive. 

Proof. Eq. (5.3) of ISt93l shows that an w-word f G Xf with n{£) = 1 is dis- 
junctive. In fact, if ^ G Xf does not contain a word w G Xf of length |w| = I as 
infix then k(^) < l~^ ■ log.^{r’‘ — 1) < 1. Now Example Q yields the existence of 
Liouville numbers which are disjunctive in every scale r. □ 
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Abstract. The intention of the paper is to develop an efficient model 
checker for real time systems represented by safe time Petri nets and the 
real time branching time temporal logic TCTL. Our method is based on 
the idea of, (1), using the known region graph technique [Q to construct a 
finite representation of the state-space of a time Petri net and, (2), further 
reducing the size of this representation by exploiting the net concurrency. 
To show the correctness of the reduction we introduce a notion of a timed 
stuttering equivalence. Some experimental results which demonstrate the 
efficiency of the method are also given. 



1 Introduction 

One of the most successful techniques for automatic verification of finite-state 
systems has been model-checking: a property is given as a formula of a propositio- 
nal temporal logic and automatically compared with a state-graph representing 
the system behaviour. One of the advantages of this method is its efficiency: mo- 
del checking is linear in the product of the size of the state-graph and the size of 
the formula, when the logic is the branching time temporal logic CTL (Compu- 
tation Tree Logic) j2]. Unfortunately, the verification of large concurrent systems 
suffers from the so-called state explosion problem. An approach to confine this 
problem is to use partial orders and thus to avoid the construction of equivalent 
states reachable by different interleaving of atomic events. Several methods (see 
pilll8| among others) based on this approach have been proposed for analysis 
of reachability and various other properties of concurrent systems. So far, these 
methods have been developed and implemented for linear time temporal logics 
model checking. A first step to adapt the partial order approach for checking 
properties expressed in branching time temporal logics is presented in m- 

More recently, a few attempts (see j,3l 1 6j 1 have been made to extend the succ- 
sess of partial order reductions to the setting of real time systems represented 
by timed automata 0. However, concurrency can not be modelled directly by 
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such timed state-graphs. On the other hand, the paper fa proposed time Petri 
nets as an adaquate model of timed concurrent systems, generalizing other mo- 
dels in a natural way. The paper m proposes to exploit McMillan’s reduction 
techniques based on unfolding in state-space search of time Petri nets. A partial 
order verification algorithm for time Petri nets and a linear time temporal logic 
was proposed in m- 

The present paper shows how a partial order approach can be applied to TCTL 
IP, a real time extension of the branching time temporal logic CTL, that models 
the behaviour of a system as a continuous computation tree. A given real time 
system is represented by a safe time Petri net. Automatic verification is achieved 
by generating a reduced state space of the net, which is big enough to evaluate 
a given formula, and by traversing the reduced state space with the formula. 



The rest of the paper is organized as follows. The basic definitions concerning 
time Petri nets are given in the next section. Section 3 recalls the syntax and 
semantics of TCTL. Both the basic algorithm model checking and its partial 
order improvement are developed in the following two sections. A notion of a 
timed stuttering equivalence is also introduced to show the correctness of the 
reduction method. Some remarks about experimental results are finally given. 
The proofs are relegated to an Appendix when they disturb the exposition. 



2 Time Petri Nets 

In this section we define some terminology concerning time Petri nets j 1 4j . ’Time 
Petri net’ is a Petri net whose transitions are labelled by two temporal constraints 
that indicate their earliest and latest firing times. Let N be the set of natural 
numbers, Rd" the set of nonnegative real numbers, and the set of positive 
real numbers. 

Definition 1. A time Petri net is a tuple J\f = {P, T, F, Eft, Lft, mo), where 

— P = {pi,P 2 , ■ ■ ■ ,Pm} is a finite set of places; 

— T = {ti, ^ 2 , ■ ■ ■ , tn} is a finite set of transitions {P (IT = 0); 

— F C (P X T) U {T X P) is the flow relation; 

— Eft, Lft : T — >■ N are functions for the earliest and latest firing times of 
transitions, satisfying Eft{t) < Lft{t) for all t G T; 

— mo C P is the initial marking. 

Fig. 1 shows an example of a time Petri net, where a pair of numbers near by a 
transition corresponds to its earliest and latest firing times. 

For t G T, *t = {p G P \ ip,t) G F} and t* = {p G P \ {t,p) G F} denote 
the preset and postset of t, respectively. To simplify the presentation, we assume 
that *tnt* = 0 for every transition t. For the sake of convenience, we fix a time 
Petri net Af = {P, T, F, Eft, Lft, mo) and work with it throughout what follows. 
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Fig. 1. An example of a time Petri net: A/i 



A marking m of A/” is any subset of P. A transition t is enabled in a marking 
m if C TO (all its input places have tokens in to), otherwise it is disabled. Let 
enable{m) be the set of transitions, enabled in to. 

Let r{Af) = [T ^ R+] be the set of time assignments for transitions from T. 
Given n G P (J\f) and 6 G R(}” , we let n + 6 denote the time assignment of the 
value n{t) + 5 to each t from T. 

A state <7 of Af is a pair <m,n>, where to is a marking and n G P(Af). The 
initial state of A/” is a pair = <TOq, vq >, where r'o(t) = 0 for all t G T. 

The states of Af change, if time passes or if a transition fires. In a state q = 
<m,n>, a time <5 G R^j" can pass if for all t G enable{m) holds: v{t) + 5 < Lft{t). 
In this case, the state q' = <m',v'> is obtained by passing S from q (written 

q A q'), if 

— m' = m, and 

~ v'{t) = v{t) + (5 for all t GT. 

In a state q = <m,iy>, a transition t G T is fireable if t G enable{m) and 
v{t) > Eft{t). In this case, the state q' = is obtained by firing t from 

q (written q A q'), if 

— m' = {m \* t) U t*, and 

f 0, if t' G enable(m') \ enable(m) , 

In the case when it is essential that q' is obtained from q by firing a concrete 
transition t we shall also write q A q' . 

A state q is reachable ii q = qo or there exists a reachable state q' such that 
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q' A- q for some 6 G Rq . Let RS{Af) denote the set of all reachable states of Af. 
A q-run r in Af is an infinite sequence of states G RS{M) and time values 

5i G Rq of the form: q = qi ^ 92 ■ ■ - qn ^ • We also define time{r, n) = 

illustration, we construct the following go-run r of the time 
Petri net N\ (see Fig. 1): 

r = {{pi,P2},v = 0 ) {{pi,p2},v = 0 . 7 ) 

{{Pi,P2},v= 1) {{Pi,P5},v= 1) {{pi,p^},v= 1) 

{{Pi.Pb},v = 2) {{p^},v = 2) (0,J^ = 2) (0,jz = 5) ... 

We then have time{r, 8) = X)i<i<8 ~ 

Af is one-safe, if for every <m,v> G RS{J\f) and for every t G enable{m) it 
holds: t* n m = 0. To guarantee that in any g— run time is increasing beyond 
any bound, we need the following progress condition: for every set of transitions 
{ti,t 2 , . . . , tn} such that Vl<i<n.t*n *ti+i yf 0 and t* fl *ti yf 0 it holds 
> 0- lu the sequel, Af will always denote a one-safe time Petri 
net satisfying the progress condition. 

3 TCTL: Syntax and Semantics 

Timed Computation Tree Logic (TCTL) was introduced by R. Alur, C. Cour- 
coubetis, D. Dill ^ as a specification language for real time systems. We now 
review the syntax and semantics of TCTL. Let AP be a set of atomic proposi- 
tions. For our purpose, it is convenient to take AP = P. 

Definition 2. A formula 4> of TCTL is inductively defined as follows: 

4>:=p\ -.(^1 \ (fi ^ (t>2\ 'i4>i^~c4’2 I 34>iU^c4>2, 

where p G AP, c G N, </>i and (j )2 are formulas of TCTL, ^ stands for one of 
the binary relations {<,<,=,>,>}. For a TCTL-formula (f, let denote the 
maximal constant appearing in (f. We shall use /(~ c) to denote the interval of 
real numbers, corresponding to ' ^ cL 

Informally, 3(j)ilA^c4>2 means that for some computation run there exists an initial 
prefix of time duration less than c such that 4>2 holds in the last state of the 
prefix, and cfi holds in all its intermediate states. 

The other logical connectives can be defined as usual: = Vtrue 

3C',^c4’ = 3true 

Definition 3. Given a TCTL-formula </> and g = <m,v> G RS{Af), we define 
the satisfaction relation q \= 4> inductively as follows: 

q\=p m{p) > 0 ; 

g 1= g ^ (j)i; 

9 h </>i -t <(>2 9 ^ <('1 or g (= (j) 2 -, 

q \= 3<f>iUr~^c4>2 for some g-run r of Af,r |= (j)iUr^c4>2', 

q 1= 'i 4>\Ur~^c4>2 for every g-run r of Af ,r ^ (fiUr^c(f> 2 - 
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For a g-run r = {q = qi ^ q 2 ^ the relation r |= (piUr^c4>2 holds iff there 

exists k and S < 6k such that: (1) (J + time{r, k)) ~ c; (2) <mk,Vk + 6> \= (p 2 ', 

(3) yi < i < k . (<mj, i'i> \= 4>i A y 0 < 6' < 6i . <rrii, i2i + S'> |= (j)i); (4) 

V 0 < (5' < (5 . <mk,Vk + 6' > ^ N satisfies a TCTL-formula <j) (written 

A/” ^ (/>) iff (?o H TCTL-formula 4> is satisfiable iff there is a time Petri net 
Af such that Af \= (/)■ Notice, the TCTL satisfiability problem is undecidable p. 



As an example consider the time Petri net Afi (see Fig. 1) and the TCTL-formula 
4>i = 30>2(p 4 Aps). A/"i satisfies cj), since there exists a go-run r in Afi (see above) 
along which the places p4 and ps contain tokens at time moment equal to 2. So, 
4>i is satisfiable. 

4 Model Checking 

In this section we present an algorithm for deciding whether a time Petri net 
meets its specification given as a TCTL-formula. Since a time Petri net consti- 
tutes a dense time model, the number of its states is infinite. In order to get a 
finite representation of the state-space of the net, we use the concepts of regions 
(equivalence classes of states) and region graphs p. 

For any 6 G R))" {5} denotes the fractional part of 6, and [JJ denotes the integral 
part of 6. Let i/, v' G r{Af). Then z/ ~ z/' iff the following conditions are met: 

— for each t G T either [i'{t)\ = \y'{t)\ or both v{t) and v'{t) are greater than 

— for each t,t' GT such that v{t) < Lft{t) and z/(t') < Lft{t') : 

- Mi)}<MO}iffK(i)}<K(i')}; 

— {z^(t)| = 0 iff = 0. 

In order to simplify the checking of temporal constraints of a given TCTL- 
formula (j), we introduce an additional transition t* ^ T which is disabled in 
any marking of Af, and its time assignment therefore keeps time elapsed since 
some fixed initial moment. Let T* = T U {t*} and r*{Af) = [T* -G Rj]. We 
define an equivalence relation of r*{Af) similar to the relation ~ of r{Af), 
supposing that Lft{t*) is equal to the maximal temporal constant, appearing 
in the formula 4>. We use [v]’^ to denote the class of equivalence of r*{Af) to 
which z/ belongs. For a time assignment v and x G R))", let \\x\v\ denote the time 
assignment from r{Af)* that assigns v{t*) = x and agrees with v on the values 
of the remaining assignments. 

A region of Af w.r.t. a TCTL-formula 0 is a pair v = <m, [z^]0>, where 
<m,v> G RS{Af). We consider vq = < mo, [[OJz/q]^ > as the initial region of 
Af w.r.t. 4>- We use GS{Af, 4>) to denote the set of regions of N w.r.t. cj). When 
the context of a TCTL-formula (j) is obvious, we shall write v = <m, [v]* >, for 
simplicity. Let <m, [i^]* >, <m', [z/'J* > G GS{Af,4>)- Then <m',[z^']*> is said 
to be a 6 -successor for <m,[v]*> (written succs{<'m,[h']* >) = <m',[z^']*>) 
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if TO = to' and there exists S G R+ such that + S G [u']* and {i' + S' \ 0 < 
(5' < (5} C [v\* U [v']*. Further, <to', [v']* > is called a t-successor iov <m, 
(written succt{<m, [i/]* >) = <m', [v']* >) if there is <5 G such that {v + S'\ 
0< S' < (5}C [zz]* and <to, + <5> 4> <to', v' >. We let fireable{<m, [v]* >) = 
{t gT \ succt{<m, [v]* >) G GS{Af, (/>)} U {<5 | succs(<m, [u]* >) G GS{M, (j))}- 

For a given Af and TCTL-formula (f>, we construct the region graph G{Af, (j)) = 
(V,EJ) as follows: 

Init: St := 0, H := 0; 

l":= {z;o}; F; := 0; / := 0; 
push Vo into St; 
while 5't 0 do { 

pop V from St; 

if V is NOT already in H then { 
push V into H; 

TS := fireable{v); 

Vt GTS do { 

, J succt{v), if t G T, 

|^succ 5 (r:), otherwise 
V :=VU{v}; 

E:=EU{{v,v')}; 
l{{v,v’)) = t; 
push v' into 5't}}}. 

St indicates a stack recording the region states that remain to be explored. H 
is an array recording the regions already visited. 

A decision procedure for model checking is the following: given Af and a TCTL- 
formula (j), first construct the region graph G{Af,4>) = (V,E,l). Then label all 
its vertices with the subformulas of </> using the labelling algorithm from [P|. Af 
satisfies 4> iff <TOq, [vq]* > is labelled with cf). 

Using the ideas above, one can implement an algorithm for model checking which 
run in time linear in the qualitative part and exponential in the timing part of 
the input. 

Theorem 1. Given a TCTL-formula (j), there is a decision procedure for checking 
whether or not Af \= 4> bounded by: 

I T’l!- 21 ^ 1 + 21^1 ■n(L/t(f) + l)]. 

teT 



Proof. According to P, the number of equivalence classes of E*{Af) induced 
by is bounded by |T*|! • 22|'^*l • ntgr- {Lft{t) + 1). The maximal number 
of markings of Af is equal to Thus the number of vertices of G{Af,(j)) is 
bounded by O[c 0 - | T For each vertex in G(A/’, ^), 

there exist at most | T | output edges, representing transition firings, and one 
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edge, representing the passage of time. Hence, | E \= 0[c^- | T |! • • 

riteT('^/^(^) + !)]■ G{N,4>) can be constructed in time 0[|H| +|if|]. Thus 

the labelling algorithm takes time 0[| </> | -(I F | Tlifl)] =0 [| </) | -c^- | T \ 
,. 2 iPi+ 2 iTi.n^^^(L/t(t) + i)]. □ 

5 A Partial Order Reduction 

In this section we show how to reduce the size of the region graph G{Af, (f>) 
without affecting the correctness of the model checking procedure. The idea 
of the reduction is based on exploring for each visited vertex of G{J\f, (j)) only 
a subset of its successors and, hence, a logical formula can be verified in less 
space and time. In order to show the correctness of the reduction, we introduce 
a notion of a timed stuttering equivalence. Before doing so, we need to define 
some auxiliary notations. For a TCTL-formula let P{4>) be the set of atomic 
propositions and G{(f>) the set of temporal constraints, appearing in (f). 

Definition 4. Let (f>he a, TCTL-formula and G' = G{M, (j)') = {V, E' , I'), G" = 
G{N,(j>") = {V" ,E" ,1") the region graphs such that P{(t>) = P{,(i>') — P{.(t>") 
and G{(j)) = G{4>') = C(0"). Let Vq and Vq are the initial vertices of G' and G", 
respectively. A relation QV' x V" is a timed stuttering equivalence w.r.t. (j) 
(w.r.t. atomic propositions and temporal constraints, appearing in (j)) between G' 
and G" , if (v'q, Vq) S and for all (v' = <m', [i/']* >, v" = <m", [v"\* >) S 
it holds: 

1 . to' n P{4>) = C P{4')^ and v'{t*) ~ c v"{t*) ~ c for all ' ~ c' in G{4>)\ 

2. a) if (t>', v[) € E' then there exists • • • , u" S V"{n > 0) such that v" = 

S E” A for all 0 < f < n, and S 

b) similar to item (a) but the sets V and E' are exchanged by V" and E" , 
respectively. 

G' and G" are timed stuttering equivalent w.r.t. (j) (written G" Ri^ G") if there 
exists a relation r:^ between them. 

Theorem 2. Let (f> he a TCTL-formula and G', G" region graphs such that 
G' R !0 G". Let v' and v” be vertices of G' and G", respectively. If {v',v”) G 
then v' is labelled with (p iff v” is labelled with 4>. 

Proof. It follows similar lines as other standard proofs of that a stuttering 
equivalence is a necessary and sufficient condition for ensuring that the two 
stuttering equivalent structures satisfy the same logical formulas (see e.g., | 3 ). 

□ 

We now try to find the proper constraints on the subset that is chosen to be 
explored at each visited vertex of G{Af,4>). Let t be a transition in T and v = 
<m,[i']*> a vertex in G{Af, cp). Then 

— a transition t' is in conflict with t if fl *t' 0 and t t' . Let conflict{t) 

denote the set of transitions conflicting with t; 
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a transition t' is a predecessor of t in r; if t' F*t and *t' C m, where F* is the 
transitive reflexive closure of F. Let pred{t^ v) denote the set of predecessors 
of t in v; 

a transition t' is a +-predecessor of f in n if t' is a predecessor of a transition 
t” conflicting with a predecessor t'” of t and dist(t' ,t") < where 

dist{t, t) is the minimal value of sums of the earliest firing times of transitions 
in the paths from t to i, not including Let pred'^{t, v) denote the set 

of +-predecessors of t in v; 

a transition t' is a visible w.r.t. a TCTL-formula (p if (*t U t*) fl 7^ 0; 
Let visible{4>) denote the set of transitions visible w.r.t. p; 
visible+{v,(p) = Utevisibie{^){pred{t,v) U pred+{t,v)); 
a time 6 is visible w.r.t. to a TCTL-formula (p in v, if the value of t*’s time 
assignment is in the interval /'(^ c), where 
_ / [0,c), if ^ 

[0, c] U I(~ c), otherwise, 
dependent{v, (p) = visible'^ {v , (p) U visible'^ {v, (p). 



c) = 



For the time Petri net N\ (see Fig. 1) and the TCTL-formula p2 = 30>i(p4) we 
have: conflict{t 2 ) = {ti}, pred(t2, I'd) = {^2}; 'Cq) = {ti\ ^ visible{p 2 ) = 

{^2: ^5}: visible~^{vo, (P 2 ) = {^i; ^2}j visible'^ (t>o, <('2) = {i^} and dependent{vo, P 2 ) 
={S,ti,t2}- Whereas, for Afi and the TCTL-formula ps = 30>ip5 we get: 
conflictpto) = 0, pred{te,vo) = {ta}, pred+{te,vo) = 0, visible^ps) = 
visible'^ (vQ^p'i) = {ta}, visible'^ {vq, ps) = {^} and dependent{vo,p3) = {^, ta}- 

We define a set ready{v, p) as a minimal subset of t- and ^-successors from 
fireable{v) such that fireable{v) C\ dependent{v , p) C ready{v,p). 

For the time Petri net A/i and the TCTL-formula p^ we get fireable{vo) = 
{S,ti,t2,t3} and ready{vQ,p3) = {<5 , fa}- 

The complexity of the construction of ready{v, p) is 0 {\ P | • | T p). The al- 
gorithm of the construction of a reduced region graph Gr{N,P) is that of the 
construction of the region graph G(A/’, p) except for the set T S which is defined 
as ready{v, p). 

Theorem 3. Let the region graph G' = G{Af, p) and a reduced region graph 
G" = G{N, p) be given. Then G' G" . 

Proof. See Appendix. 

Thus from Theorems 2 and 3 it follows that the labelling algorithm for G{Af, p) 
can be reduced to the labelling algorithm for Gr{N,P). 

Currently we have found in the literature only two papers developing partial 
order techniques for time Petri nets: the paper H3] by Lilius and the paper m 
by Yoneda et al. Lilius proposes to exploit McMillan’s reduction techniques ba- 
sed on unfolding in the state-space search of time Petri nets. In the approach 
by Yoneda et al., the notion of independence between transitions is structural 
like ours, because ready sets are calculated using the structure of the net. Ho- 
wever, our method allows us to reduce not only the number of states obtained 
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by transition firings but also those obtained by the passage of time. The price is 
that we have to control the values of time assignments for transitions but it does 
not have any noticeable influence on the complexity of the method. Further, the 
proof of the correctness of our algorithm is novel in that instead of using tra- 
ces, i.e. equivalence classes of sequences, we show a timed stuttering equivalence 
between the full region graph and a reduced one. 

We have implemented both the basic model checking algorithm and its partial 
order improvement on a Pentium 166 MHz with 128 MBytes of memory in C-| — h 
as a part of the system PEP (Programming Environment based on Petri Nets) 
0. The performance of both the algorithms can be demonstrated with an ex- 
ample of concurrent n-buffer from 0 extended with timing constraints. The 
corresponding time Petri net has 2n places, n + 1 transitions, and the first and 
{n+ l)th transitions have the time interval [1,1], whilst the others are associated 
with the time interval [1,2]. As an example property, we verify, if the nth slot of 
n-buffer is not empty at least once during the time interval (n, 2n — 1) along any 
computation run. The table below shows the impact of reduction on the effec- 
tiveness of the model checking. The ‘n’ column refers to the capacity of buffer. In 
the ‘G’ and ‘Gr’ columns, we list the numbers of vertices (‘| V ]’), edges (‘| E ]’) 
and times (‘r’) in seconds measured for checking the fixed TCTL-formula in G 
and Gr, respectively. 



n 


1 


G 

\E\ 


T 


1 


Gr 


T 


2 


36 


43 


0.02 


33 


39 


0.01 


3 


130 


168 


0.10 


117 


153 


0.08 


4 


1368 


1813 


0.39 


923 


1187 


0.30 


5 


10928 


14632 


29.3 


7341 


10015 


21.1 


6 


117745 


151250 


5020 


85136 


99814 


3127 


7 


— 


— 


— 


506138 


679254 


18812 



As a future work, we suppose to approach the possibility of increasing an effec- 
tiveness of behaviour analysis algorithms by means of using different methods 
of reduction: symmetry j^, ‘unfolding ’ ca, symbolic states 0, and also to im- 
plement experimental researches with real-life communication protocols. 
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Appendix 

Proof Sketch of Theorem 3. 

We construct the relation V' xV" as follows: {(w' = <m', [v']* >,v" = 

<m'' >) I dependent {v' , (j)) = dependent {v' (f), m' D P{(j>) = m" D 
and v'{t*) ~ c 44 v”{t*) ~ c for all ' ~ c' in C{4>)}. Let us show that is a 
timed stuttering equivalence w.r.t. (j) between G' and G" . Before doing so, we 
need to consider the following 
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Claim A. 

Let {v',v") (v',v[) G E' and = t' . If t' ^ dependent{y' , 4>) then 

G 

Claim B. 

Let {v',v") G« 0 , (v",v'{) G E" and l"{{v",v'{)) = t". If t" ^ dependent {v' ' ,(j)) 
then {v',v'{) G 



Claim C. 

Let {v',v”) G«;. Let G E' , l'{{v',v[)) = t' and (v",v'{) G E", /"((r 

= t" such that t' G dependent{v' , 4>) and t” G dependent {v' 4>) ■ Then 



,<)) 



(i) t' ^ fireable{v") A t" ^ fireable{v') At' ^ t" => Wi,v'() G 

(ii) t' G fireable{v") A t" G fireable\v') At' = t" \v'i,v'() G 



The proofs of the claims are too technical to appear in the paper. 



We proceed the proof of that is a timed stuttering equivalence w.r.t. </> bet- 
ween G' and G" . Suppose Vq and v'q to be the initial vertices of G' and G", 
respectively. According to the construction of G' and G", we have {v'q, v'q) G 
because v'q = v'q. Assume {v',v") G The validity of point 1 of Definition 4 
follows from the construction of Consider point 2(a) of Definition 4 (point 
2(b) is symmetrical). Suppose (v',v'i) G E' . We have to show that there exist 
• • • ,u” G V"{n > 0) such that v" = ((v*,u*+^) G E" A {v',v') G«p for 

all 0 < i < n, and (ui,v”) G Two cases are admissible. 

n = 0. If t' ^ dependent {v' , 4>) then the result immediatly follows from Claim A. 
Consider the case t' G dependent{v' , (j)) ■ Let us show that fireable{v") = 

0. Suppose a contrary, i.e. fireable{v") ^ 0. W.l.o.g. assume | fireable{v") \ 

1. Let l"{{v",v^)) = t". If t" ^ dependent{v” , (j)) then using Claim B 
we get (u',u^) G contradicting our assumption. Consider the case 
t" G dependent{v" , (j>) . We distinguish two cases. 

1. t' G visible''^ {v' ,(j>) V t" G visible~^{v" ,4>). Then t' ^ fireable{v") 
and t" ^ fireable{v'). Due to Claim C(i), we have (u^jU^) G 
contradicting our assumption. 

2. t' G visible'l {v' , 4>) At" G visible'^ {v" Then t' G fireable{v") 

and t" G fireable(v'). Due to Claim C(ii), we get {v'i,v^) G 
contradicting our assumption. 

So, fireable{v") = 0. We now show that t' ^ visible'^ {v' ,4>). Assume 
a contrary, i.e. t G visible'^ {v' , (p) . Then t G visible^ {v" ,4>), by the 
construction of Hence it holds: G visible{(p) . [t F* t A *t C 

m''] V [3i {i F*t A 'i C m"), 3i CtlT* t yf 0 A i^T) .{t F*t A *t C 
m" A dist{t,i) < Lft{i))]. Further, since t ^ fireable{v"), it also holds: 
Vd G R+({:^"-fi,5' I 0 < y < (5} C [v"Y) . {“t % m" V C'{t) + 6 < Eft{t)). 
Hence, v"{t)+S < Eft{t) for all d G R'*' such that {C'+S' | 0 < <5' < d} C 
[C]*. We get a contradiction, because r'g (C) > Lft{t') for all t' G T*. 

So, we have t G visible^ {v' , (p) . Since v'l = succs{v'), then m' = m'l and 
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there exists <5 € R+ such that + S G and {i^' + | 0 < <5' < 5} C 

[ly']* U [v'-\\*. Hence m' fl P{4)) = m'l fl 

Let us next show that v'{t*) ~ c ~ c for all ' ~ c' in C{(j>). 

Supposing a contrary, we get two cases: (a) v'{t*) ^ c A 7^ c 

for some ' ~ c' in <j), and (6) v'{t*) qA c A ~ c for some ' ~ c' 

in <j). The case (a) contradicts either if {>,>}, or 

v'{t*) ~ c<t^ v”\t*) ~ c, because v”{t*) > c^, if {<,<,=}• The case 
(&) obtain similary. 

We finally show 6 G visible'^ {v[, (j)). Suppose a contrary, i.e., v'{t*) G 
c) for some ' ^ c' in and ^ /'(~ c) for all ' ~ c' in cj). 

This contradicts either the definition of /'(~ c), because 
if ~G {>,>}, or v'{t*) ~ c ~ c, because > Ctj,, if 

{<,<,=}• 

Thus, dependent{v' , 4>) = dependent{v{, </>), m! fl P{4>) = rn'i fl P{4>), and 
v'{t*) ~ c ~ c for all ' ~ c' in C((/)). Since {v' G«J, then 

G due to the construction 

n > 0. W.l.o.g. assume n = 1. Let l"((v",v^)') = t". If (t' G dependent{v' ,4>) ^ 
t” ^ dependent{v" ,<f))) or {t' ^ dependent{v' , (j)) At" G dependent{v" ,(j))), 
then using Clams A and B we get a contradiction to our assumption. It 
remains to consider two cases. 

1. t' ^ dependent{v' , (p)At" ^ dependent{v" , <j)). The result follows from 
Claims A nad B, because {v',v") G«*. 

2. t' G dependent{v' , 4>) At" G dependent {v" , (j)) . The result immediately 
follows from Claim C(i, ii). 

So, there exist G V"{n > 0) such that v" = G E" A 

{v', V*) G«p for all 0 < i < n, and , u”) G Thus, is a timed stuttering 
equivalence w.r.t. (p between G" and G". □ 
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Abstract. Recently, an algebraic approach which can be used to com- 
pute distance-based graph invariants on fasciagraphs and rotagraphs was 
given in [Mohar, Juvan, Zerovnik, Discrete Appl. Math. 80 (1997) 57-71]. 
Here we give an analogous method which can be employed for deriving 
formulas for the domination number of fasciagraphs and rotagraphs. In 
other words, it computes the domination numbers of these graphs in 
constant time, i.e. in time which depends only on the size and struc- 
ture of a monograph and is independent of the number of monographs. 
Some further generalizations of the method are discussed, in particular 
the computation of the independent number and the fe-coloring decision 
problem. Examples of fasciagraphs and rotagraphs include complete grid 
graphs. Grid graphs are one of the most frequently used model of pro- 
cessor interconnections in multiprocessor VLSI systems. 



1 Introduction 

The notion of a polygraph was introduced in chemical graph theory as a genera- 
lization of the chemical notion of polymers 0. Polygraphs are not only of interest 
in chemistry. For example, grid graphs are one of the most frequently used model 
of processor interconnections in multiprocessor VLSI systems 0 . An important 
class of polygraphs form fasciagraphs and rotagraphs. For example, complete 
grid graphs are fasciagraphs and Cartesian products of cycles are rotagraphs. 

In general, problems related to domination in graphs are widely studied (rq. 
The problem of computing the domination number of grid graphs is NP-complete 
while the complexity is open for complete grid graphs (with both k and n va- 
riable), cf. in\- Hence it is worthwhile to look for algorithms that compute the 
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Slovenia under the grant J2-1015. 
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domination numbers of these graphs. Among many applications of domination 
numbers of grid graphs let us only mention the link between the existence of 
perfect Lee codes and minimum dominating sets of Cartesian products of paths 
and cycles m- 

An algebraic approach yielding O(logn) algorithms for various problems on 
fasciagraphs and rotagraphs was proposed in m- The problems treated include 
the domination number, the independent number and the fc-coloring problem. 
Analogous method was successfully applied to computing graph invariants of in- 
terest in chemistry, including computation of the Wiener index m, the Szeged 
index |E|, the determinant and the permanent (see j21)li I II respectively). Exi- 
stence of constant time algorithms on fasciagraphs and rotagraphs for distance- 
based graph invariants was proved in m- Recently, a computer program in 
Mathematica for computing the formulas for Szeged index of infinite families of 
fasciagraphs was developed m- In this paper, we prove that it is possible to 
use analogous approach for deriving formulas for domination numbers on fascia- 
graphs and rotagraphs. Furthermore, we sketch how the same approach can be 
used to compute the independence number of fasciagraphs and rotagraphs and 
how we can decide A:-colorability of such graphs by a constant time algorithm. 

The rest of the paper is organized as follows. In the next section a concept of 
a polygraph is introduced and two special subclasses of graphs, the fasciagraphs 
and the rotagraphs are defined. In Section 0 the concept of a path algebra is 
introduced and an algorithm is recalled (from | 23 |) which can be used to solve va- 
rious problems on fasciagraphs and rotagraphs. In Section 0 we give an instance 
of the algorithm which computes the domination number of a fasciagraph and a 
rotagraph. We then prove that the powers of the matrices which correspond to 
the solution have a special structure, which implies existence of a constant time 
algorithm for computing any power. Together with the results of Section 0 this 
implies the main result, the Theorem 01 In the last section we discuss two more 
examples, the independence number and the A:-colorability decision problem. 

We finally observe that the approach can also be extended to a wider class of 
graphs including polygraphs, but in this case the algorithms become linear. Ho- 
wever, since these graphs have bounded tree-width, linear algorithms are already 
known. 



2 Polygraphs 



We consider finite undirected and directed graphs. A graph will always mean 
an undirected graph, a digraph will stand for a directed graph. and C„ will 
denote the path on n vertices and the cycle on n vertices, respectively. An edge 
{m, u} of a graph will be denoted uv (hence uv and vu mean exactly the same 
edge). An arc from u to u in a digraph will be denoted (u, v). 

Let Gi, G2, . • . , Gn be arbitrary, mutually disjoint graphs, and let Ai, X2, 

. . . , Xn be a sequence of sets of edges such that an edge of Xi joins a vertex 
of V{Gi) with a vertex of E(Gi+i). For convenience we also set Go = G„, 
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Gn+i = Gi and Xq = X„- This in particular means that edges in join 
vertices of with vertices of Gi. A polygraph 

= f?„(Gi, G 2 , . . . , G„; Xi, X 2 , . . . , X„) 

over monographs Gi, G 2 , . . . , Gn is defined in the following way: 

y(G„) = l/(Gi) U V{G2) U • • • U 1/(G„), 

= A(Gi) U Xi U E{G2) U X 2 U • • • U E{Gn) U X„. 

For a polygraph and for i = 1, 2, . . . n we also define 

Di = {u & V{Gi) I 3v € Gi+i : uv € Xi}, 

Ri = {u G V{Gi^i) I S Gi : uv G X^}. 



In general Ri fl Di+i need not be empty. 

Assume that for 1 < f < n, G^ is isomorphic to a fixed graph G and that we 
have identified each Gi with G. Let in addition the sets Xi, 1 < i < n, he equal to 
a fixed edge set X C 1^(G) x V{G). Then we call the polygraph a rotagraph and 
denote it u>„{G;X). A fasciagraph ip„(G;X) is a rotagraph a>„(G;X) without 
edges between the first and the last copy of a monograph. Formally, in '0„(G; A) 
we have Xi = A 2 = • • • = X„_i and X„ = 0. Since in a rotagraph all the sets 
Di and the sets Ri are equal, we will denote them by D and R, respectively. 
The same notation will be used for fasciagraphs as well, keeping in mind that 
Rn and Dq are empty. 

3 Path Algebras and the Algorithm 

In this section a general framework for solving different problems on the class 
of fasciagraphs and rotagraphs is given |23|. The essence of the method is a 
computation of powers of matrices over certain semirings. We wish to remark 
that similar ideas are implicitly used in PEg. Before giving the algorithm, a 
concept of path algebras is introduced. We follow the approach given in j^], see 
also pTTT 2 j . 

A semiring V — (P, ©, o, 0, 1) is a set P on which two binary operations, 
© and o, are defined such that 

(i) (P, ©) forms an commutative monoid with 0 as unit, 

(ii) (P, o) forms a monoid with 1 as unit, 

(iii) operation o is left- and right-distributive over operation ©, 

(iv) for all X G P, a: o 0 = 0 = 0 o X. 

An idempotent semiring (for all x G P, x©x = x) is called a path algebra. 
It is easy to see that a semiring is a path algebra if and only if 1©1 = 1 holds. 
Examples of path algebras include (for more examples we refer to 0): 

Pi : (INo U { 00 }, min, +, 00 , 0) , 

P 2 : (INo U {— 00 }, max, +, — 00 , 0) , 

P 3 : ({0, 1}, max, min , 0, 1) . 
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Let V = (P, ©, o, 0, 1) be a path algebra and let M.ni'P) be the set of all 
nxn matrices over P. Let A,Bg Aini'P) and define operations A®B and AoB 
in the usual way: 

{A(BB)ij = Aij(BBij , 
n 

{,A o B^ij = 'y ^ Aif^ o Bf^j . 
fc=i 

Aini'P) equipped with the above operations is a path algebra itself with the zero 
and the unit matrix as units of the semiring. 

Let P be a path algebra and let G be a labeled digraph, i.e., a digraph together 
with a labeling function £ which assigns to every arc of G an element of P. Let 
V{G) = {ui, V 2 , ■ ■ • , Vn}- The labeling £ of G is extended to paths as follows. 
For a path Q = ■ ■ ■ {x^^_-,,Xi^) of G let 

£{Q) = £{xi„,Xi^) o £{xi-,,Xi^) o ■ ■ ■ o £{xi^_^,Xi^). 

Let S^j be the set of all paths of order k from Xi to Xj in G and let A{G) be 
the matrix defined by A{G)ij = £{xi, Xj) if {xi, Xj) is an arc of G and A{G)ij — 0 
otherwise. Now we can state the following well-known result (see, for instance, 
0 p. 99]): 

Theorem 1. (A(G)'=)ij = ^ £{Q) . 

Let ipn{G\X) and w„(G;X) be a fasciagraph and a rotagraph, respectively. 
Set W = Di U Ri = D U R and let N = Define a labeled digraph Q = 
Q{G',X) as follows. The vertex set of Q is formed by the subsets of W, which 
will be denoted by Gf, in particular we will use Go for the empty subset. An arc 
joins a subset Gi with a subset Gj if Gi is not in a “conflict” with Gj. Here a 
“conflict” of Gi with Gj means that using Gi and Gj as a part of a solution in 
consecutive copies of G would violate a problem assumption. For instance, if we 
search for a largest independent set, such a conflict would be an edge between 
a vertex of Gi and a vertex of Gj. Let finally £■. E{Q) ^ P he a, labeling of Q 
where P is a path algebra on the set P. The general scheme for our algorithm 
is the following: 

Algorithm 2 

1. Select an appropriate path algebra P = (P, ©, o, 0, 1). 

2. Determine an appropriate labeling £ of Q(G\ A). 

3. In Mwi'P) calculate 

4. Among admissible coefficients of A(C/)” select one which optimizes the cor- 
responding goal function. 

It is well known that, in general. Step 3 of the algorithm can be done in 
O(logn) steps. In Section 0 we will show that in some cases it is possible to 
compute the powers of the matrix A(^)" in constant time, i.e. with an algorithm 
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of time complexity which is independent of n. Hence if we assume that the size 
of G is a given constant (and n is a variable), then the algorithm will run in 
constant time. However, the algorithm is useful for practical purposes only if 
the number of vertices of the monograph G is relatively small, since the time 
complexity is in general exponential in the number of vertices of the monograph 
G. 

4 Domination Numbers of Fasciagraphs and Rotagraphs 

A set S of vertices of a graph G is a dominating set if every vertex from V {G)\S 
is adjacent to at least one vertex in S. The domination number, 7(G), is the 
smallest number of vertices in a dominating set of G. 

Let tpn{G;X) and w„(G; X) be a fasciagraph and a rotagraph, respectively. 
Let Gi, Cj G V{G{G;X)), i.e., Gi,Gj C D U R, and consider for a moment 
’ii)^{G-,X). Let Gi G D\VJ R\ and Gj C Z?2 U i?2, where Di = D2 = D and 
R\ = i?2 = R- 

Let 'fij{G; X) be the size of a smallest dominating set S C G2\((Gi fl i?i) U 
{D 2 n Gj)), such that G2 is dominated by Gi U S' U Gj. Then set 



£(G„ G,) = |G, n i?| + 7,,(G; X) + \Dn G,| - |G, n G,| (1) 



The labeling implies that (Gj, Cj) is an arc of Q{G; X) if CidRnDdCj = 0. 

Algorithm 3 

1. For a path algebra select Vi = (INq U {00}, min, +, 00, 0). 

2. Label G{G;X) as defined in Q. 

3. In MNi'Pi) calculate A(C/)”. 

4. Let j{ip„{G;X)) = (A(^)”)oo and 7(w„(G; A)) = min(A(t/)”)i,. 

I 

We first discuss the correctness of the algorithm. 

Lemma 1. Algorithm\^ correctly computes "/{ipniG; X)). 

Lemma n was proved in while the rotagraphs part was left to the reader. 

For completeness, we give here a proof of the next Lemma. 

Lemma 2. Algorithmic correctly computes 7(a;„(G;A)). 

Proof. By Theorem Q for any Cj , 

(MS)’^)n = min £(Q) 

= min (£(G,,G,J + £(G,,,G,J + ---+^(G,„_,,G,)). 

Assume now that the minimum is attained on indices ii, 12, ..., in-i- Then 
(A(G)")jj is equal to 
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{\Cj ni?o| + 7i,ii + \Di nCijl) + (|Cij ni?i| + 711,22 + I-D2 nc^jl) + • • • + 

(|C'i„_i n Rn-l\ + 7in-l.i + \^n ^j\)- 

By the definition of "fij, the above expression is the size of a dominating set of 
ojn{G-,X). On the other hand, a smallest dominating set of w„(G;X) gives rise 
to such an expression for some Cj, thus 

j 

is the size of a smallest dominating set of o;„(G; X). □ 

We now prove a Lemma which will imply the existence of a constant time 
algorithm for computing the powers of A{Q) in step 3 of the Algorithm 0 

Let us denote Ai = A{QY. Note that the meaning of the value of {Ai)ij is the 
size of the dominating set of a subgraph of ijji{G;X). More precisely, provided 
that the sets Gi and Gj are not conflicting, {Ai)ij is the domination number of 
the subgraph induced on the vertices 

(+(Gi) \ Gi) U V{G2) U . . . U y(Gz_i) U {V{Gi) \ G,). 

It can be shown that for large enough indices I, the matrices A/ have a 
special structure that enables us to compute them efficiently. The following 
proposition is a variant of the “cyclicity” theorem for the “tropical” semiring 
(INq U 00 , min, +, oo, 0), see, e.g., 0, Theorem 3.112]. By a constant matrix we 
mean a matrix with all entries equal. 

Lemma 3. Let k = \V{Q{G; X))\, and K = |y(G)|. Then there is an index 
q < {2K + 2)^ such that Dq = Dp + G for some index p < q and some constant 
matrix G. Let P = q — p. Then for every r > p and every s > 0 we have 

A^^gP = + sG . 

Proof. First we prove the claim: For any I > 1, the difference between any pair 
of entries of Ai, both different from oo, is bounded by 2K. 

Assume {Ai)ij oo. Then clearly, 

{M\,<i{UG-x)) 

and, since |Gi AR\ + \D C\Gj\ < 2|17(G)|, 

{AiY,>^mG-,X))-2\V{G)\ 



Hence the claim follows. 

For / > 1, define Ki = min{(A;)y} and let A[ = Ai — {Ki)J, where J is the 
matrix with all entries equal to 1. Since the difference between any two elements 
of A/, different from oo, cannot be greater than 2K. (Note that oo — x = oo 
for any x.) The entries of AJ can therefore have only values 0,1,..., 2K, oo and 
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hence there are indices p < q < {2K + 2)^ such that A'p = A'^^. This proves the 
first part of the proposition. 

The equality Aj-t-sp = A^. + sC follows from the fact that for arbitrary 
matrices D, E and a constant matrix C we have 

{D®C) oE = Do E®C. 

This can easily be seen by computing the values of ij-th entries of both sides of 
the equality: (T>©C) o E)ij = mink{(iD)ik + (C)ik) + {E)kj} = mmk{{D)ik + 
{E)kj} + {C)ij and {D o E®C)ij = Toh).k{{D)ik + {E)kj} + □ 

Note that since k < \V{g{G-,X))\ = 2l'^l = N < 2\V{G)\, and K = |y(G)|, 
the constants p, q and P in Lemma 0 depend only on the size of the monograph 
and are thus independent of n. 

Lemma 4. Algorithm\^ can be implemented to run in constant time. 

Proof. First note that for Step 2 of Algorithm 01 any procedure for computing 
the domination number can be used since the time complexity is clearly constant 
in n. With the same argument Step 4 can be computed in constant time. 

Finally, the time complexity of Step 3 is constant in n because of Lemma 01 
For any n, only constant number, q, of powers of the matrix has to be computed. 
Then the formula A„ = An-jp + jG can be used, where j = {n — p) div P. □ 



Combining Lemmas QEland El we have 

Theorem 4. Alg or ithm\^eorreetly computes ^ {ip n{G', X)) and j{uJn{G; X)) and 
can be implemented to run in 0{G) time. 



Example. The Cartesian produet G = H U K of graphs Lf and K is the graph 
with vertex set V{G) = V{H) x V{K). Vertices {x\,X 2 ) and (yi, 2 / 2 ) are adjacent 
in HUK if either xiyi € E{H) and X2 = V2 or X2V2 G E{K) and X\ = y\. 
Note that PfeDPn = 1pn{Pk;X), PkDCn = UJn{Pk;X), CkDCn = iOn{Ck\X) 
and Gfe □ = ipn{Ck', X), where X is the matching defined by the identity 

isomorphism between two copies of Pk and Ck, respectively. 

One of the motivations for this work was a widely studied problem of deter- 
mining the domination number of complete grid graphs and Cartesian products 
of cycles I bp I H|22j . For complete grid graphs, i.e. graphs algorithms 

were given in PI which for a fixed k compute 7(Pfc □ Pn) in 0(n) time. An 
O(logn) algorithm was proposed in [23|- Of course, the Theorem 0 implies that 
the domination number problem for k x n grids, where k is fixed, has a constant 
time solution, which was claimed already in PI- 

It may be interesting to note that in PH formulas are given for families 
{PkDPn I n G IN} for fc up to 19. For fc > 20, it is conjectured jOj that 



j{Pk □ Pn) = 



{k -|- 2) (n -|- 2) 



-4 



and the problem is still open. 



□ 




566 



J. Zerovnik 



5 Two More Applications 

The size of a largest independent set of vertices of a graph G is called the 
independence number of G, a{G). Select V 2 = (INq U {— 00 }, max, +, — 00 , 0) 
as a path algebra and define a labeling of Q{G;X) similarly as in |IJ. The 
difference is that two vertices are in conflict (and hence the corresponding arc 
must be labeled — 00 ) if {Gi (1 R)U {Gj fl D) is not an independent set in G. 

We omit the proof of a lemma saying that the difference in size of independent 
sets of subgraphs induced on 

(F(Gi) \ GO U V{G2) U . . . U V{Gi-i U {V{Gi) \ G,). 

for fixed I and variable Gi and Gj can only differ at most for 2\V{G)\. 

Consequently we have 

Theorem 5. One can compute a(jijjn{G; X)) and a{uJn{G; X)) in constant time. 

As a second application we consider the /c-coloring problem. To solve it on 
fasciagraphs and rotagraphs we first select = ({0, 1}, max, min, 0, 1) as a 
path algebra. We next define a labeled digraph t/(G; X) slightly different as we 
did by now. The vertex set of Q is formed by the /c-colorings of W — DOR 
or, equivalently, by the fc-partitions of W with parts being independent sets. 
An arc joins a fc-coloring Gt with a fc-coloring Gj if and only if the correspon- 
ding partitions coincide on their (possible) intersection in G 2 and can be ex- 
tended to a fc-coloring of G 2 . The labelling of Q{G\X) is then defined just by 
the adjacency relation. Finally, in we calculate A(^)" and conclude 

that that '0„(G;A) or w„(G;A) is fc-colorable if and only if (A(^)")oo = 1 or 
max(A(5)")ii = 1, respectively. 

i 

By observing that the maximal differences between pairs of entries of matrix 
A{Q) is bounded, we have: 

Theorem 6. The k-coloring problem of the graphs tpniG; X) and Un{G\X) is 
solvable in constant time. 

Remark. There are many further examples on which the method can be 
used. A good starting list may be the domination-type problems studied in m- 
An interesting question is to And a general properties which a problem must 
fulfill. 

Remark. The algebraic approach used here can also be generalized to more 
general graphs, for example to graphs which are obtained from trees by expan- 
ding nodes to arbitrary (small) graphs. The matrix must then be replaced by a 
tensor of dimension equal to the degree of the vertex (monograph) in the original 
tree. Computing the matrix products, starting from leaves to the center of the 
tree would yield an algorithm, linear in n. Again, these are graphs of bounded 
tree- width, for which existence of linear algorithms for many problems is already 
known. 

Even more easily, our algebraic approach can be extended to polygraphs 
as well. Instead of computing a single graph Q{G] X) and calculating the n-th 
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power of A{Q), we must determine n graphs and calculate the matrix product 
of the corresponding matrices over an appropriate path algebra. This yields to 
0(n) algorithms for polygraphs. However, the tree-width of a polygraphs can be 
bounded by a constant depending on the size of a monograph. (For definitions 
of a tree- width see, for example, E3EZEDI, cf. also p.) Arnborg and Proskuro- 
wski, PI, see also P, obtained linear time algorithms for different problems of 
graphs with bounded tree-width, including dominating set, independent set and 
fc-colorability problem. Their algorithms are linear in the size of the problem 
instance, but are exponential in the tree-width of the involved graphs - the case 
analogous to the present approach. 
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